CVE-2025-49216

EPSS 0.09%
Published 17.06.2025 20:28:07
Last modified 08.09.2025 21:10:36
Source security@trendmicro.com
Teams watchlist Login
Open Login

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Trend Micro Endpoint Encryption Version < 6.0.0.4013

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.258

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security@trendmicro.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-477 Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

https://success.trendmicro.com/en-US/solution/KA-0019928

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-25-373/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-49216

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-49216

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-49216

EUVD