cbcvebase.
CVE-2025-49212
published 2025-06-17

CVE-2025-49212: An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected…

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
7.94%
94.0th percentile
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.

Affected

2 ranges
VendorProductVersion rangeFixed in
trend_micro_inctrend_micro_endpoint_encryption_policy_server>= 6.0 < 6.0.0.40136.0.0.4013
trendmicrotrend_micro_endpoint_encryption< 6.0.0.40136.0.0.4013

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-49212 is a pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer, enabling unauthenticated SYSTEM-level access. Detection should focus on unauthenticated/pre-auth requests to the PolicyServer that trigger deserialization operations.
  • CVE-2025-49212 involves an insecure deserialization operation in Trend Micro Endpoint Encryption PolicyServer. Monitor for anomalous deserialization payloads sent to the PolicyServer prior to authentication.
  • ·CVE-2025-49212 and CVE-2025-49213 are distinct vulnerabilities affecting the same product (Trend Micro Endpoint Encryption PolicyServer) but exploit different methods. Detection rules should account for both methods independently.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.