CVE-2025-49215
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | trend_micro_endpoint_encryption | to 6.0.0.4013 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-242 | The product calls a function that can never be guaranteed to work safely. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a post-authentication SQL injection in the Trend Micro Endpoint Encryption PolicyServer, specifically in the GetGroupFilteredUsers method. It occurs because user input is not properly validated when constructing SQL queries, allowing an attacker who has some level of access to inject malicious SQL code. Although the attacker must first have low-privileged code execution on the system, they can exploit this flaw to escalate their privileges and gain access to protected resources. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to escalate their privileges on the affected system, potentially gaining unauthorized access to sensitive data and protected resources. This can lead to a compromise of confidentiality, integrity, and availability of the system, as indicated by the high CVSS score of 8.8. An attacker could remotely exploit this vulnerability to take control over the system or disrupt its normal operations. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the update released by Trend Micro to address and fix the SQL Injection vulnerability in the Endpoint Encryption PolicyServer. Additionally, ensure that only trusted users have the ability to execute code on the system, as exploitation requires prior low-privileged code execution. [1]