Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

Posted on By CWS

Pattern Micro has launched patches for ten vulnerabilities in Apex Central and Endpoint Encryption (TMEE) PolicyServer, together with critical-severity flaws resulting in distant code execution (RCE).

The replace for Apex Central resolves two important bugs resulting in RCE, tracked as CVE-2025-49219 and CVE-2025-49220 (CVSS rating of 9.8). The safety defects are comparable, however had been found in numerous strategies, the corporate says.

Each vulnerabilities are described as an insecure deserialization operation that would enable distant attackers to execute arbitrary code on affected installations, with out authentication.

Endpoint Encryption PolicyServer acquired fixes for eight flaws, together with 4 important and 4 high-severity defects.

Three of the important points are described as deserialization of untrusted information that would result in unauthenticated RCE.

Tracked as CVE-2025-49212, CVE-2025-49213, and CVE-2025-49217 (CVSS rating of 9.8), the bugs are comparable, however impression completely different strategies. The corporate says the primary is much like the Apex Central vulnerability CVE-2025-49220.

The fourth critical-severity vulnerability resolved in Endpoint Encryption PolicyServer, CVE-2025-49216 (CVSS rating of 9.8), is an authentication bypass subject permitting “an attacker to entry key strategies as an admin consumer and modify product configurations”.

Of the high-severity flaws resolved, three are SQL injection bugs that would result in privilege escalation, whereas the fourth is an insecure deserialization resulting in RCE. All 4 require that an attacker first obtains “the flexibility to execute low-privileged code on the goal system”.Commercial. Scroll to proceed studying.

All ten vulnerabilities had been disclosed by the Zero Day Initiative (ZDI), however Pattern Micro says that none of them has been noticed being exploited within the wild. Nevertheless, customers are suggested to use the out there patches as quickly as doable.

Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Associated: Fortinet, Ivanti Patch Excessive-Severity Vulnerabilities

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA

Associated: Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Security Week News Tags:, , , , , , , ,

Related Posts

Chrome to Distrust Chunghwa Telecom and Netlock Certificates Security Week News
ConnectWise Discloses Suspected State-Sponsored Hack Security Week News
The AI Arms Race: Deepfake Generation vs. Detection Security Week News
Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior Security Week News
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches Security Week News
Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’ Security Week News