CVE-2025-49214

CWE-477 CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

8.8HIGH

EPSS

3.9%

top 11.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro, Inc. Trend Micro Endpoint Encryption Policy Server Trendmicro Trend Micro Endpoint Encryption

Timeline

PublishedJun 17

Description

An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro,_inc./trend_micro_endpoint_encryption_policy_server6.0 — 6.0.0.4013

▶NVDtrendmicro/trend_micro_endpoint_encryption< 6.0.0.4013

🔴Vulnerability Details

CVEList

CVE-2025-49214: An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on↗2025-06-17

▶

GHSA

GHSA-f5jf-ffmh-7gfq: An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on↗2025-06-17

▶

📋Vendor Advisories

Microsoft

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.↗2024-10-08

▶