CVE-2025-49216 — Use of Obsolete Function in Micro INC Trend Micro Endpoint Encryption Policy Server

CWE-477 — Use of Obsolete Function3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 47.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Endpoint Encryption Policy Server Trendmicro Trend Micro Endpoint Encryption

Timeline

PublishedJun 17

Description

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5trend_micro_inc/trend_micro_endpoint_encryption_policy_server6.0 — 6.0.0.4013

▶NVDtrendmicro/trend_micro_endpoint_encryption< 6.0.0.4013

🔴Vulnerability Details

CVEList

CVE-2025-49216: An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin u↗2025-06-17

▶

GHSA

GHSA-43v6-mq3r-qmhx: An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin u↗2025-06-17

▶