Which Trend Micro products are affected by these vulnerabilities?

The vulnerabilities impact Trend Micro Endpoint Encryption PolicyServer (a central management server for full disk encryption), Apex Central management console (centralized security management), and Apex One endpoint security platform.

What are the most critical vulnerabilities in Trend Micro Endpoint Encryption PolicyServer?

Four critical vulnerabilities with CVSS scores of 9.8 affect PolicyServer: CVE-2025-49212, CVE-2025-49213, and CVE-2025-49217 (all pre-authentication remote code execution flaws from insecure deserialization), and CVE-2025-49216 (authentication bypass in the DbAppDomain service due to broken authentication implementation).

What critical vulnerabilities affect Trend Micro Apex Central?

Two critical vulnerabilities with CVSS scores of 9.8 affect Apex Central: CVE-2025-49219 (pre-authentication remote code execution in the GetReportDetailView method) and CVE-2025-49220 (pre-authentication remote code execution in the ConvertFromJson method), both caused by insecure deserialization and improper input validation.

What types of vulnerabilities are most common in these Trend Micro products?

The most common vulnerability types include insecure deserialization leading to remote code execution, SQL injection enabling privilege escalation, authentication bypass flaws, uncontrolled search path vulnerabilities, and link following vulnerabilities allowing local privilege escalation.

Which Trend Micro Apex One vulnerabilities should organizations prioritize?

The highest priority Apex One vulnerabilities include CVE-2025-49155 (CVSS 8.8) for uncontrolled search path vulnerability in the Data Loss Prevention module allowing remote code execution, and CVE-2025-49154 (CVSS 8.7) for insecure access control allowing local attackers to overwrite key memory-mapped files.

What versions of Trend Micro products need to be updated?

Endpoint Encryption PolicyServer versions before 6.0.0.4013 (Patch 1 Update 6) are vulnerable. Apex Central 2019 on-premise installations require Patch B7007, while Apex Central as a Service received automatic updates in April 2025. Apex One requires upgrade to SP1 CP Build 14002 for on-premise or Security Agent Version 14.0.14492 for cloud service.

Why are these Trend Micro vulnerabilities particularly concerning for enterprises?

These vulnerabilities are particularly concerning because they affect enterprise security products that protect critical organizational assets. Multiple pre-authentication remote code execution flaws (CVSS 9.8) could allow attackers to compromise security infrastructure without credentials, potentially leading to complete enterprise security bypass and data protection failures in regulated industries.

Advisory

Trend Micro fixes 15 flaws, at least six critical across multiple products

Q: What additional protective measures has Trend Micro implemented?

Beyond security patches, Trend Micro implemented Network IPS rules and filters for proactive secondary protection. TippingPoint and Cloud One Network Security deployments receive specific filters to detect and prevent exploitation attempts, while Cloud One Workload Security and Deep Security customers benefit from dedicated security rules.

published: June 12, 2025

Take action: This is a big and important patch effort for Trend Micro Products. If you are running Trend Micro Endpoint Encryption PolicyServer or Apex Central, plan a quick patch effort. Even if isolated from the internet, there are too many critical flaws that will be exploited - either by an attacker breaching your perimeter in some other way, or even a disgruntled employee. Don't delay these.

Learn More

Trend Micro has released urgent security updates to address fifteen critical and high-severity vulnerabilities affecting three of its flagship enterprise security products. The security patches address remote code execution, authentication bypass, and privilege escalation flaws

The vulnerabilities impact Trend Micro Endpoint Encryption PolicyServer, Apex Central management console, and Apex One endpoint security platform

Trend Micro Endpoint Encryption PolicyServer is a central management server for Trend Micro Endpoint Encryption (TMEE), providing full disk encryption and removable media encryption for Windows-based endpoints. The product is used in enterprise environments in regulated industries where compliance with data protection standards is critical.

Trend Micro Apex Central serves as a centralized security management console for monitoring and configuring multiple Trend Micro products across organizations.

Critical and High-Severity Vulnerabilities in Trend Micro Endpoint Encryption PolicyServer:

CVE-2025-49212 (CVSS score 9.8) - Pre-authentication remote code execution flaw caused by insecure deserialization in the PolicyValueTableSerializationBinder class
CVE-2025-49213 (CVSS score 9.8) - Pre-authentication remote code execution vulnerability in the PolicyServerWindowsService class from deserialization of untrusted data
CVE-2025-49216 (CVSS score 9.8) - Authentication bypass flaw in the DbAppDomain service due to broken authentication implementation
CVE-2025-49217 (CVSS score 9.8) - Pre-authentication remote code execution vulnerability in the ValidateToken method triggered by unsafe deserialization
CVE-2025-49214 (CVSS score 8.8) - Post-authentication remote code execution flaw from insecure deserialization operations
CVE-2025-49215 (CVSS score 8.8) - Post-authentication SQL injection vulnerability allowing privilege escalation
CVE-2025-49211 (CVSS score 7.7) - SQL injection privilege escalation vulnerability requiring local access
CVE-2025-49218 (CVSS score 7.7) - Post-authentication SQL injection vulnerability enabling privilege escalation

Critical Vulnerabilities in Trend Micro Apex Central:

CVE-2025-49219 (CVSS score 9.8) - Pre-authentication remote code execution flaw in the GetReportDetailView method caused by insecure deserialization
CVE-2025-49220 (CVSS score 9.8) - Pre-authentication remote code execution vulnerability in the ConvertFromJson method from improper input validation during deserialization

High and Medium-Severity Vulnerabilities in Trend Micro Apex One:

CVE-2025-49155 (CVSS score 8.8) - Uncontrolled search path vulnerability in the Data Loss Prevention module allowing remote code execution
CVE-2025-49154 (CVSS score 8.7) - Insecure access control vulnerability allowing local attackers to overwrite key memory-mapped files
CVE-2025-49157 (CVSS score 7.8) - Link following vulnerability in the Damage Cleanup Engine enabling local privilege escalation
CVE-2025-49156 (CVSS score 7.0) - Link following vulnerability in the scan engine allowing local privilege escalation
CVE-2025-49158 (CVSS score 6.7) - Uncontrolled search path vulnerability in the security agent enabling local privilege escalation

The vulnerabilities affect:

Endpoint Encryption PolicyServer, all versions before 6.0.0.4013 (Patch 1 Update 6) are vulnerable.
Apex Central 2019 on-premise installations require Patch B7007, while Apex Central as a Service customers received automatic backend updates during the April 2025 maintenance cycle.
Apex One customers need to upgrade to SP1 CP Build 14002 for on-premise installations or Security Agent Version 14.0.14492 for Apex One as a Service.

Trend Micro has implemented additional protective measures beyond the security patches, including Network IPS rules and filters for proactive secondary protection. TippingPoint and Trend Micro Cloud One Network Security deployments receive specific filters to help detect and prevent exploitation attempts, while Cloud One Workload Security and Deep Security customers benefit from dedicated security rules.

Organizations using affected Trend Micro products should prioritize immediate deployment of these security updates.

Trend Micro fixes 15 flaws, at least six critical across multiple products

Read More
Gogs Zero-Day vulnerability actively exploited
Oracle October Update has patches for over 387 …
Tinyproxy critical vulnerability exposes over 50,000 servers to …
Critical RCE Vulnerability Exploited in Legacy D-Link DSL …
Palo Alto Patches critical flaws in Expedition tool …