CVE-2025-49213 (GCVE-0-2025-49213)

Vulnerability from cvelistv5 – Published: 2025-06-17 20:27 – Updated: 2025-06-18 14:42
VLAI?
Summary
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-477 - Use of Obsolete Function
Assigner
References
Impacted products
Vendor Product Version
Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server Affected: 6.0 , < 6.0.0.4013 (semver)
    cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49213",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T14:36:00.638328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T14:42:21.550Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*"
          ],
          "product": "Trend Micro Endpoint Encryption Policy Server",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "6.0.0.4013",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "CWE-477: Use of Obsolete Function",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-17T20:27:44.731Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-370/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2025-49213",
    "datePublished": "2025-06-17T20:27:44.731Z",
    "dateReserved": "2025-06-03T18:11:27.259Z",
    "dateUpdated": "2025-06-18T14:42:21.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-49213\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2025-06-17T21:15:39.063\",\"lastModified\":\"2025-09-08T21:09:21.877\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.\"},{\"lang\":\"es\",\"value\":\"Una operaci\u00f3n de deserializaci\u00f3n insegura en Trend Micro Endpoint Encryption PolicyServer podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo antes de la autenticaci\u00f3n en las instalaciones afectadas. Tenga en cuenta que esta vulnerabilidad es similar a CVE-2025-49212, pero se presenta con un m\u00e9todo diferente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@trendmicro.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-477\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:trend_micro_endpoint_encryption:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0.4013\",\"matchCriteriaId\":\"5216BF2B-BE1D-4763-A65D-73A008727BA6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://success.trendmicro.com/en-US/solution/KA-0019928\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-25-370/\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49213\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-18T14:36:00.638328Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-18T14:39:42.425Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:trendmicro:endpoint_encryption_policy_server:6.0.0.4013:p1u6:*:*:*:*:*:*\"], \"vendor\": \"Trend Micro, Inc.\", \"product\": \"Trend Micro Endpoint Encryption Policy Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.0.0.4013\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://success.trendmicro.com/en-US/solution/KA-0019928\"}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-25-370/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-477\", \"description\": \"CWE-477: Use of Obsolete Function\"}]}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2025-06-17T20:27:44.731Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-49213\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-18T14:42:21.550Z\", \"dateReserved\": \"2025-06-03T18:11:27.259Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2025-06-17T20:27:44.731Z\", \"assignerShortName\": \"trendmicro\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.