2025-0610-TM-TMEE-001
Vulnerability from csaf_trendmicro - Published: 2025-06-10 10:00 - Updated: 2025-06-10 10:00

A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Trend Micro Endpoint Encryption Policy Server (Trend Micro / Endpoint Encryption Policy Server) | | 6.0 | Vendor Fix (fix) |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "CRITICAL SECURITY BULLETIN: Trend Micro Endpoint Encryption PolicyServer (June 2025)",
"title": "Title"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security@trendmicro.com",
"issuing_authority": "Trend Micro PSIRT",
"name": "Trend Micro",
"namespace": "https://www.trendmicro.com/vulnerability"
},
"references": [
{
"summary": "Trend Micro Security Bulletin",
"url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
}
],
"title": "CRITICAL SECURITY BULLETIN: Trend Micro Endpoint Encryption PolicyServer (June 2025)",
"tracking": {
"current_release_date": "2025-06-10T10:00:00.000Z",
"generator": {
"date": "2025-07-23T18:52:10.745Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.31"
}
},
"id": "2025-0610-TM-TMEE-001",
"initial_release_date": "2025-06-10T10:00:00.000Z",
"revision_history": [
{
"date": "2025-06-10T10:00:00.000Z",
"number": "1",
"summary": "Initial version."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6.0",
"product": {
"name": "Trend Micro Endpoint Encryption Policy Server",
"product_id": "TM-TMEE-001"
}
}
],
"category": "product_name",
"name": "Endpoint Encryption Policy Server"
}
],
"category": "vendor",
"name": "Trend Micro"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49211",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. \n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25528",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "SQL Injection Privilege Escalation"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49212",
"cwe": {
"id": "CWE-477",
"name": "Use of Obsolete Function"
},
"notes": [
{
"category": "description",
"text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25507",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": " Deserialization of Untrusted Data RCE"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49213",
"cwe": {
"id": "CWE-477",
"name": "Use of Obsolete Function"
},
"notes": [
{
"category": "description",
"text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25506",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "Deserialization of Untrusted Data RCE"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49214",
"cwe": {
"id": "CWE-477",
"name": "Use of Obsolete Function"
},
"notes": [
{
"category": "description",
"text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25518",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "Deserialization of Untrusted Data RCE"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49215",
"cwe": {
"id": "CWE-242",
"name": "Use of Inherently Dangerous Function"
},
"notes": [
{
"category": "description",
"text": "A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. \n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25528",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "SQL Injection Privilege Escalation"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49216",
"cwe": {
"id": "CWE-477",
"name": "Use of Obsolete Function"
},
"notes": [
{
"category": "description",
"text": "An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations. ",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25519",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "Authentication Bypass"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49217",
"cwe": {
"id": "CWE-477",
"name": "Use of Obsolete Function"
},
"notes": [
{
"category": "description",
"text": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25505",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "Deserialization of Untrusted Data RCE"
},
{
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of Trend Zero Day Initiative"
]
}
],
"cve": "CVE-2025-49218",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215.\n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"known_affected": [
"TM-TMEE-001"
]
},
"references": [
{
"category": "external",
"summary": "ZDI-CAN-25526",
"url": "https://www.zerodayinitiative.com/advisories/published/"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-10T19:00:00.000Z",
"details": "Customers should update to Patch 1 Update 6 (Version 6.0.0.4013) to resolve the issue.",
"product_ids": [
"TM-TMEE-001"
],
"url": "https://downloadcenter.trendmicro.com/index.php?regs=nabu\u0026prodid=1746"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.7,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 7.7,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"TM-TMEE-001"
]
}
],
"title": "SQL Injection Privilege Escalation"
}
]
}