
[Vulnerability Alert] Multiple Critical Vulnerabilities in Trend Micro Endpoint Encryption PolicyServer

Publish date: 2025-06-23
Update date: 2025-06-23

Source: Ministry of education information & communication security contingency platform

Publication Number: TACERT-ANA-2025061811064949
Publication Time: 2025/06/18 11:35
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/06/18 11:35
Impact Level: Low
[Subject]
[Vulnerability Alert] Multiple Critical Vulnerabilities in Trend Micro Endpoint Encryption PolicyServer
[Content]
Forwarded from TWCERTCC-200-202506-00000012

Trend Micro Endpoint Encryption PolicyServer (TMEE) is an enterprise-grade solution that offers full-disk and portable media encryption for Windows devices. It is widely adopted in heavily regulated industries that must comply with data protection regulations. Recently, multiple critical vulnerabilities were disclosed and patched:

CVE-2025-49212 (CVSS: 9.8): TMEE is affected by unsafe deserialization, allowing unauthenticated remote attackers to execute arbitrary code on vulnerable TMEE installations.

CVE-2025-49213 (CVSS: 9.8): Another instance of unsafe deserialization, also allowing unauthenticated remote code execution.

CVE-2025-49214 (CVSS: 8.8): Authenticated attackers who already have low-privileged code execution can exploit unsafe deserialization to run arbitrary code remotely.

CVE-2025-49215 (CVSS: 8.8): Authenticated attackers with limited access can perform SQL injection attacks to escalate privileges.

CVE-2025-49216 (CVSS: 9.8): Authentication bypass vulnerability allows attackers to access critical methods and modify product configurations with administrator privileges.

CVE-2025-49217 (CVSS: 9.8): Yet another unsafe deserialization vulnerability, permitting unauthenticated remote code execution.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Trend Micro Endpoint Encryption (TMEE) PolicyServer versions prior to 6.0.0.4013
[Recommended Actions]
Update Trend Micro Endpoint Encryption (TMEE) PolicyServer to version 6.0.0.4013 or later.
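One way to triage an asset inventory against the fixed build above, as an added example that is not part of the original advisory or any Trend Micro tooling. The CSV layout, column names and hostnames are assumptions, and the sample rows are constructed. Versions are compared as integer tuples because a plain string comparison would rank 6.0.0.999 above 6.0.0.4013.

```python
# Added example: classify PolicyServer hosts against the fixed build 6.0.0.4013.
# The inventory format and every row below are constructed sample data.
import csv
import io
import re

FIXED_BUILD = (6, 0, 0, 4013)  # first fixed version named in the advisory

SAMPLE_INVENTORY = """host,policyserver_version
tmee-ps-01,6.0.0.4013
tmee-ps-02,6.0.0.999
tmee-ps-03,6.0.0.3900
tmee-ps-04,5.0.0.2586
tmee-ps-05,6.0.1.12
tmee-ps-06,unknown
tmee-ps-07,6.0.0
"""

VERSION_RE = re.compile(r"([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)")


def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is incomplete or malformed."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """'vulnerable' below the fixed build, 'patched' at or above it, else 'review'."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # never treat an unparseable version as safe
    return "vulnerable" if version < FIXED_BUILD else "patched"


def triage(inventory_csv):
    """Map each host in the CSV export to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["policyserver_version"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "review" have a missing or truncated version string and need a manual check rather than being counted as patched.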
[Reference]
https://www.twcert.org.tw/tw/cp-169-10186-4abcc-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center