CVE-2025-49211
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | trend_micro_endpoint_encryption | to 6.0.0.4013 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SQL injection flaw in the Trend Micro Endpoint Encryption PolicyServer, specifically in the BuildEnterpriseSearchString method. It occurs due to improper validation of user-supplied input used to construct SQL queries. An attacker who can execute low-privileged code on the target system can exploit this to escalate privileges and gain access to protected resources. Although exploitation requires authentication, the authentication mechanism can be bypassed by remote attackers. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to escalate their privileges on the affected system, potentially gaining unauthorized access to protected resources. This can lead to data compromise, unauthorized actions, and disruption of system integrity and availability. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the update released by Trend Micro that addresses and fixes this SQL injection vulnerability in the Endpoint Encryption PolicyServer. Since exploitation requires the ability to execute low-privileged code, also ensure that systems are protected against unauthorized code execution and monitor for suspicious activity that could indicate attempts to bypass authentication. [1]