CVE-2025-49216

EPSS 0.09%
Veröffentlicht 17.06.2025 20:28:07
Zuletzt bearbeitet 08.09.2025 21:10:36
Quelle security@trendmicro.com
Teams Watchlist Login
Unerledigt Login

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Trend Micro Endpoint Encryption Version < 6.0.0.4013

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.258

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@trendmicro.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-477 Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

https://success.trendmicro.com/en-US/solution/KA-0019928

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-373/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-49216

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49216

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49216

EUVD