CyberSecurity news
@arcticwolf.com
Trend Micro has released security updates to address critical vulnerabilities in its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. These vulnerabilities, which include remote code execution and authentication bypass flaws, pose a significant risk to affected systems. The company urges administrators to apply the necessary security updates as soon as possible to mitigate potential exploitation. While Trend Micro states there is no evidence of active exploitation in the wild, the severity of the flaws necessitates immediate action.
One specific vulnerability, tracked as ZDI-25-371, exists within the Endpoint Encryption product and involves the DeserializeFromBase64String method. This flaw stems from a lack of proper validation of user-supplied data, which can lead to the deserialization of untrusted data. An attacker who successfully exploits this vulnerability can execute code in the context of SYSTEM, potentially gaining complete control over the affected system. Although authentication is required, the existing authentication mechanism can be bypassed, making exploitation easier.
The vulnerabilities were reported to Trend Micro on October 11, 2024, by Piotr Bazydlo of Trend Micro's Zero Day Initiative. A coordinated public release of the advisory followed on June 11, 2025. Users of Apex Central and Endpoint Encryption (TMEE) PolicyServer products are advised to visit the Trend Micro website for details on obtaining and applying the necessary patches. Further information on the specific fixes can be found at https://success.trendmicro.com/en-US/solution/KA-0019928.
References:
- ZDI: Published Advisories: ZDI-25-371: Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability
- BleepingComputer: Trend Micro fixes critical vulnerabilities in multiple products
- BleepingComputer: Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products.
- ZDI: Published Advisories: ZDI-25-373: Trend Micro Endpoint Encryption DbAppDomain Authentication Bypass Vulnerability
- www.bleepingcomputer.com: Trend Micro fixes critical vulnerabilities in multiple products
- securityaffairs.com: Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer
- www.scworld.com: Trend Micro patches four 9.8 bugs in encryption PolicyServer products
- arcticwolf.com: Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer
- Arctic Wolf: Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer
- The DefendOps Diaries: Trend Micro Addresses Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer
- www.techradar.com: Trend Micro patches several worrying security flaws, so update now
- cyble.com: CERT-In Vulnerability Note Highlights Critical Security Risks in Ivanti, Trend Micro, Apache Kafka, and SAP Products
Classification:
- HashTags: #RCE #AuthenticationBypass #TrendMicro
- Company: Trend Micro
- Target: Trend Micro Customers
- Product: Apex Central, Endpoint Encryption
- Feature: Authentication Bypass
- Malware: CVE-2025-49216
- Type: Vulnerability
- Severity: Critical