PT-2025-25266 · Trend Micro · Trend Micro Endpoint Encryption

Chudypb

Publicado

2024-10-11

Atualizado

2025-09-08

CVE-2025-49213

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Endpoint Encryption (TMEE) (affected versions not specified)

Description The issue is related to insufficient input validation in the PolicyServerWindowsService class of the Trend Micro Endpoint Encryption (TMEE) PolicyServer data encryption tool. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability involves deserialization of untrusted data, which can lead to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502CWE-477CWE-20

Identificadores relacionados

BDU:2025-06795

CVE-2025-49213

ZDI-25-370

Produtos afetados

Trend Micro Endpoint Encryption

PT-2025-25266 · Trend Micro · Trend Micro Endpoint Encryption

CVE-2025-49213

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14