CVE-2025-49213

Published Jun 17, 2025

Last updated a month ago

CVSS critical 9.8

Overview

Description
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different method.
Source
security@trendmicro.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@trendmicro.com
CWE-477

Social media

Hype score
Not currently trending

  1. [CVE-2025-49213: CRITICAL] Beware of a critical vulnerability in Trend Micro Endpoint Encryption PolicyServer allowing pre-auth remote code execution due to insecure deserialization operation. #cybersecurity#cve,CVE-2025-49213,#cybersecurity https://t.co/QwYmrWfnc9 https://t.co/b

    @CveFindCom

    18 Jun 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-49217: CRITICAL] Insecure deserialization in Trend Micro's Endpoint Encryption PolicyServer could allow pre-auth remote code execution. Differs from previous CVE-2025-49213. #CyberSecurity#cve,CVE-2025-49217,#cybersecurity https://t.co/hP7AzbXdmd https://t.co/I8tGPrDGvl

    @CveFindCom

    18 Jun 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-49213 An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected install… https://t.co/Qceo4VZERb

    @CVEnew

    17 Jun 2025

    445 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.