CVE-2025-49212
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | trend_micro_endpoint_encryption | to 6.0.0.4013 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-477 | The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49212 is a critical vulnerability in the Trend Micro Endpoint Encryption PolicyServer caused by insecure deserialization in the PolicyValueTableSerializationBinder class. This flaw allows remote attackers to send specially crafted data that the system improperly validates and deserializes, enabling them to execute arbitrary code with SYSTEM privileges without needing to authenticate. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including remote code execution with SYSTEM-level privileges by an unauthenticated attacker. This means an attacker could take full control of the affected system, potentially leading to data theft, system compromise, disruption of services, or further attacks within the network. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2025-49212, immediately update Trend Micro Endpoint Encryption to the latest version that includes the fix for this vulnerability. Additionally, restrict physical and remote access to vulnerable machines and maintain up-to-date perimeter security policies. Trend Micro has also provided Network IPS rules/filters (such as TippingPoint and Trend Micro Cloud One - Network Security filters 45073 and 45072) for proactive secondary protection against exploitation attempts. [1, 2]