CVE-2025-49216
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-09-08
Assigner: Trend Micro, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | trend_micro_endpoint_encryption | up to 6.0.0.4013 (exclusive) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-477 | The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in the Trend Micro Endpoint Encryption PolicyServer, specifically in the DbAppDomain service. Due to improper implementation of the authentication algorithm, an attacker can remotely bypass authentication without any user interaction or privileges, gaining unauthorized admin-level access to key methods and the ability to modify product configurations. [1]
How can this vulnerability impact me?
Exploiting this vulnerability allows an attacker to gain unauthorized administrative access, which can lead to full compromise of confidentiality, integrity, and availability of the affected system. This means attackers can modify product configurations and potentially disrupt or manipulate the encryption policies protecting sensitive data. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the update released by Trend Micro to fix the authentication bypass vulnerability in the DbAppDomain service of Trend Micro Endpoint Encryption PolicyServer. [1]