Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

Posted on By CWS

Pattern Micro has launched patches for ten vulnerabilities in Apex Central and Endpoint Encryption (TMEE) PolicyServer, together with critical-severity flaws resulting in distant code execution (RCE).

The replace for Apex Central resolves two important bugs resulting in RCE, tracked as CVE-2025-49219 and CVE-2025-49220 (CVSS rating of 9.8). The safety defects are comparable, however had been found in numerous strategies, the corporate says.

Each vulnerabilities are described as an insecure deserialization operation that would enable distant attackers to execute arbitrary code on affected installations, with out authentication.

Endpoint Encryption PolicyServer acquired fixes for eight flaws, together with 4 important and 4 high-severity defects.

Three of the important points are described as deserialization of untrusted information that would result in unauthenticated RCE.

Tracked as CVE-2025-49212, CVE-2025-49213, and CVE-2025-49217 (CVSS rating of 9.8), the bugs are comparable, however impression completely different strategies. The corporate says the primary is much like the Apex Central vulnerability CVE-2025-49220.

The fourth critical-severity vulnerability resolved in Endpoint Encryption PolicyServer, CVE-2025-49216 (CVSS rating of 9.8), is an authentication bypass subject permitting “an attacker to entry key strategies as an admin consumer and modify product configurations”.

Of the high-severity flaws resolved, three are SQL injection bugs that would result in privilege escalation, whereas the fourth is an insecure deserialization resulting in RCE. All 4 require that an attacker first obtains “the flexibility to execute low-privileged code on the goal system”.Commercial. Scroll to proceed studying.

All ten vulnerabilities had been disclosed by the Zero Day Initiative (ZDI), however Pattern Micro says that none of them has been noticed being exploited within the wild. Nevertheless, customers are suggested to use the out there patches as quickly as doable.

Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Associated: Fortinet, Ivanti Patch Excessive-Severity Vulnerabilities

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA

Associated: Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Security Week News Tags:, , , , , , , ,

Related Posts

Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack Security Week News
Is AI Use in the Workplace Out of Control? Is AI Use in the Workplace Out of Control? Security Week News
Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices Security Week News
Hackers Exploit BeyondTrust Flaw Within 24 Hours of PoC Hackers Exploit BeyondTrust Flaw Within 24 Hours of PoC Security Week News
iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals Security Week News
Russian Spies Intensify Efforts to Acquire Western Tech Russian Spies Intensify Efforts to Acquire Western Tech Security Week News