2025-0610-TM-TMEE-001

Vulnerability from csaf_trendmicro - Published: 2025-06-10 10:00 - Updated: 2025-06-10 10:00
Summary
CRITICAL SECURITY BULLETIN: Trend Micro Endpoint Encryption PolicyServer (June 2025)
Notes
Title: CRITICAL SECURITY BULLETIN: Trend Micro Endpoint Encryption PolicyServer (June 2025)

A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

CWE-477 - Use of Obsolete Function
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.

CWE-477 - Use of Obsolete Function
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CWE-477 - Use of Obsolete Function
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CWE-242 - Use of Inherently Dangerous Function
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

CWE-477 - Use of Obsolete Function
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.

CWE-477 - Use of Obsolete Function
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected products
Product Identifier Version Remediation
Trend Micro Endpoint Encryption Policy Server
Trend Micro / Endpoint Encryption Policy Server
6.0
Vendor Fix fix
Acknowledgments
Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "CRITICAL SECURITY BULLETIN: Trend Micro Endpoint Encryption PolicyServer (June 2025)",
        "title": "Title"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security@trendmicro.com",
      "issuing_authority": "Trend Micro PSIRT",
      "name": "Trend Micro",
      "namespace": "https://www.trendmicro.com/vulnerability"
    },
    "references": [
      {
        "summary": "Trend Micro Security Bulletin",
        "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
      }
    ],
    "title": "CRITICAL SECURITY BULLETIN: Trend Micro Endpoint Encryption PolicyServer (June 2025)",
    "tracking": {
      "current_release_date": "2025-06-10T10:00:00.000Z",
      "generator": {
        "date": "2025-07-23T18:52:10.745Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.31"
        }
      },
      "id": "2025-0610-TM-TMEE-001",
      "initial_release_date": "2025-06-10T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-06-10T10:00:00.000Z",
          "number": "1",
          "summary": "Initial version."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6.0",
                "product": {
                  "name": "Trend Micro Endpoint Encryption Policy Server",
                  "product_id": "TM-TMEE-001"
                }
              }
            ],
            "category": "product_name",
            "name": "Endpoint Encryption Policy Server"
          }
        ],
        "category": "vendor",
        "name": "Trend Micro"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49211",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. \n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25528",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 7.7,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "SQL Injection Privilege Escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49212",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25507",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": " Deserialization of Untrusted Data RCE"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49213",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25506",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 7.7,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "Deserialization of Untrusted Data RCE"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49214",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25518",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "Deserialization of Untrusted Data RCE"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49215",
      "cwe": {
        "id": "CWE-242",
        "name": "Use of Inherently Dangerous Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. \n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25528",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "SQL Injection Privilege Escalation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49216",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. ",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25519",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "Authentication Bypass"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49217",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "description",
          "text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25505",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "Deserialization of Untrusted Data RCE"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
          ]
        }
      ],
      "cve": "CVE-2025-49218",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "known_affected": [
          "TM-TMEE-001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "ZDI-CAN-25526",
          "url": "https://www.zerodayinitiative.com/advisories/published/"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T19:00:00.000Z",
          "details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
          "product_ids": [
            "TM-TMEE-001"
          ],
          "url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "environmentalScore": 7.7,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "temporalScore": 7.7,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "TM-TMEE-001"
          ]
        }
      ],
      "title": "SQL Injection Privilege Escalation"
    }
  ]
}

