Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Warning: Trend Micro patches Critical Vulnerabilities for its Endpoint Encryption PolicyServer. Patch Immediately!
Image
Published : 12/06/2025
Last update: 12/06/2025
Affected software:: Endpoint Encryption PolicyServer versions before 6.0.0.4013
Type: Remote Code Execution (RCE) and Authentication Bypass
- CVE/CVSS
→ CVE-2025-49212: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-49213: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-49216: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-49217: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://success.trendmicro.com/en-US/solution/KA-0019928
Risks
Trend Micro has released security update to address multiple vulnerabilities in its Endpoint Encryption PolicyServer. The CCB would like to point your attention to the following vulnerabilities:
CVE 2025 49212, CVE 2025 49213 and CVE 2025 49217 are critical remote code execution vulnerabilities affecting Trend Micro Endpoint Encryption. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on affected installations.
CVE 2025 49216 is an authentication bypass vulnerability affecting Trend Micro Endpoint Encryption. This critical vulnerability could allow a remote attacker to bypass authentication on affected systems.
An attacker exploiting this vulnerability could severely impact the confidentiality, availability and integrity of affected systems.
Description
CVE 2025 49212 is a vulnerability within the PolicyValueTableSerializationBinder class. This issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An unauthenticated attacker exploit this vulnerability to execute arbitrary code to affected installations.
CVE 2025 49213 exists within the PolicyServerWindowsService class. This vulnerability results from lack of proper validation of user supplied data, which can result in deserialization of untrusted data. Successful exploitation of this vulnerability allows an attacker to execute code on affected systems.
CVE 2025 49217 is a vulnerability that exists within the implementation of the ValidateToken method. This issue is due to lack of proper validation of user supplied data, which can lead to deserialization of untrusted data. A malicious attack could exploit this vulnerability to execute code in the context of SYSTEM.
CVE 2025 49216 is an authentication bypass vulnerability that exists within the DbAppDomain service. This issue results from an improper implementation of an authentication algorithm. Successful exploitation of this vulnerability could allow an attacker to bypass authentication on the system.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:< https://ccb.belgium.be/cert/report-incident>.
References
https://www.zerodayinitiative.com/advisories/ZDI-25-373/
https://www.zerodayinitiative.com/advisories/ZDI-25-370/
https://www.zerodayinitiative.com/advisories/ZDI-25-369/