CVE-2025-49217
CRITICALDescription
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different method.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| trendmicro | trend_micro_endpoint_encryption |
| microsoft | windows |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-49217? +
How severe is CVE-2025-49217? +
What products are affected by CVE-2025-49217? +
How do I check if I'm vulnerable to CVE-2025-49217? +
Related Vulnerabilities
An insecure deserialization operation in Trend Micro Apex Central below versions 8.0.7007 could lead to a pre-authentication remote code execution …
An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution …
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on …
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on …
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as …
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on …