CVE-2025-49216

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
trendmicrotrend_micro_endpoint_encryption
𝑥
< 6.0.0.4013
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://success.trendmicro.com/en-US/solution/KA-0019928
https://www.zerodayinitiative.com/advisories/ZDI-25-373/