CVE-2025-49213

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Endpoint Encryption (TMEE) (affected versions not specified)

Description The issue is related to insufficient input validation in the PolicyServerWindowsService class of the Trend Micro Endpoint Encryption (TMEE) PolicyServer data encryption tool. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability involves deserialization of untrusted data, which can lead to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-477CWE-20

Related Identifiers

BDU:2025-06795

CVE-2025-49213

ZDI-25-370

Affected Products

Trend Micro Endpoint Encryption

CVE-2025-49213

Weakness Enumeration

Related Identifiers

Affected Products

References · 14