An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.
The PolicyServer component deserializes data transmitted over the network without proper verification of its origin or content, using an unsafe deserialization operation (CWE-477, CWE-502). An attacker can provide a crafted payload that will be deserialized before any authentication stage, leading directly to code execution in the server context. The vulnerability is similar to CVE-2025-49213, but affects a different method in the same component.
An attacker without any privileges can obtain full remote code execution (RCE) on the vulnerable server, leading to compromise of confidentiality, integrity, and availability of the system.
Apply patches available from the vendor according to the references — detailed information about the patch version is available at https://success.trendmicro.com/en-US/solution/KA-0019928
Trend Micro Endpoint Encryption PolicyServer installed on Microsoft Windows — exact versions indicated in the vendor references (https://success.trendmicro.com/en-US/solution/KA-0019928)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows
OSMicrosoftwszystkie wersjeTrendmicro Trend Micro Endpoint Encryption
APPTrendmicro< 6.0.0.4013
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit