CVE-2025-49216

CVSS 9.8 CRITICALEPSS 0.5%CWE-477

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Trend Micro, Inc. · Trend Micro Endpoint Encryption Policy Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://success.trendmicro.com/en-US/solution/KA-0019928 https://www.zerodayinitiative.com/advisories/ZDI-25-373/