CVE-2025-49213
published 2025-06-17

Priority: P2 66
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 7.94% (94.0th percentile)

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| trend_micro_inc | trend_micro_endpoint_encryption_policy_server | >= 6.0 < 6.0.0.4013 | 6.0.0.4013 |
| trendmicro | trend_micro_endpoint_encryption | < 6.0.0.4013 | 6.0.0.4013 |

Detection & IOCs (extracted from sources)

  • CVE-2025-49213 is a pre-authentication remote code execution vulnerability in Trend Micro Endpoint Encryption PolicyServer, enabling unauthenticated SYSTEM-level access. Detection should focus on unauthenticated/anomalous requests to the PolicyServer service.
  • CVE-2025-49213 involves an insecure deserialization operation in Trend Micro Endpoint Encryption PolicyServer. Monitor for suspicious deserialization activity or unexpected process spawning from the PolicyServer process.
  • CVE-2025-49213 is noted as similar to CVE-2025-49217 but affects a different method within the same Trend Micro Endpoint Encryption PolicyServer product. Detections should account for both vulnerabilities targeting different deserialization methods.
  • Trend Micro has released patches for CVE-2025-49213; ensure PolicyServer installations are patched to remediate the pre-auth RCE risk.