CVE-2025-49212

Published Jun 17, 2025

Last updated a month ago

CVSS critical 9.8

Overview

Description
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different method.
Source
security@trendmicro.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@trendmicro.com
CWE-477

Social media

Hype score
Not currently trending

  1. ⚠️ Vulnerabilidades corregidas en los productos de Trend Micro ❗CVE-2025-49219 ❗CVE-2025-49220 ❗CVE-2025-49212 ❗CVE-2025-49216 ➡️Más info: https://t.co/ZCzRsiTMQf https://t.co/NOhmrIJmlU

    @CERTpy

    20 Jun 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-49212: CRITICAL] Warning: Trend Micro Endpoint Encryption PolicyServer vulnerable to remote code execution due to insecure deserialization. Patch recommended to mitigate risks. #CyberSecurity#cve,CVE-2025-49212,#cybersecurity https://t.co/HspgFFDAZv https://t.co/tOXs0Dh

    @CveFindCom

    18 Jun 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CRITICAL RCE alert! Trend Micro Endpoint Encryption Policy Server 6.0 hit by CVE-2025-49212. Pre-auth exploit risk—act fast! 🔒 https://t.co/2sFxcjX2TJ #OffSeq #TrendMicro #RCE https://t.co/1yiolKtJhd

    @offseq

    18 Jun 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-49212 An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected install… https://t.co/21BkPBCN5T

    @CVEnew

    17 Jun 2025

    489 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-49212

    @transilienceai

    15 Jun 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-49212

    @transilienceai

    14 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-49212

    @transilienceai

    13 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References

Sources include official advisories and independent security research.