CVE-2025-49216
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro, Inc. | Trend Micro Endpoint Encryption Policy Server | 6.0 < 6.0.0.4013 | affected |
Weaknesses
- CWE-477: CWE-477: Use of Obsolete Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://success.trendmicro.com/en-US/solution/KA-0019928
- https://www.zerodayinitiative.com/advisories/ZDI-25-373/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.