Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption

Posted on By CWS

Pattern Micro has launched patches for ten vulnerabilities in Apex Central and Endpoint Encryption (TMEE) PolicyServer, together with critical-severity flaws resulting in distant code execution (RCE).

The replace for Apex Central resolves two important bugs resulting in RCE, tracked as CVE-2025-49219 and CVE-2025-49220 (CVSS rating of 9.8). The safety defects are comparable, however had been found in numerous strategies, the corporate says.

Each vulnerabilities are described as an insecure deserialization operation that would enable distant attackers to execute arbitrary code on affected installations, with out authentication.

Endpoint Encryption PolicyServer acquired fixes for eight flaws, together with 4 important and 4 high-severity defects.

Three of the important points are described as deserialization of untrusted information that would result in unauthenticated RCE.

Tracked as CVE-2025-49212, CVE-2025-49213, and CVE-2025-49217 (CVSS rating of 9.8), the bugs are comparable, however impression completely different strategies. The corporate says the primary is much like the Apex Central vulnerability CVE-2025-49220.

The fourth critical-severity vulnerability resolved in Endpoint Encryption PolicyServer, CVE-2025-49216 (CVSS rating of 9.8), is an authentication bypass subject permitting “an attacker to entry key strategies as an admin consumer and modify product configurations”.

Of the high-severity flaws resolved, three are SQL injection bugs that would result in privilege escalation, whereas the fourth is an insecure deserialization resulting in RCE. All 4 require that an attacker first obtains “the flexibility to execute low-privileged code on the goal system”.Commercial. Scroll to proceed studying.

All ten vulnerabilities had been disclosed by the Zero Day Initiative (ZDI), however Pattern Micro says that none of them has been noticed being exploited within the wild. Nevertheless, customers are suggested to use the out there patches as quickly as doable.

Associated: Palo Alto Networks Patches Privilege Escalation Vulnerabilities

Associated: Fortinet, Ivanti Patch Excessive-Severity Vulnerabilities

Associated: ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA

Associated: Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Security Week News Tags:, , , , , , , ,

Related Posts

TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking Security Week News
In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias Security Week News
Oracle Releases October 2025 Patches Oracle Releases October 2025 Patches Security Week News
Cisco Patches 35 Vulnerabilities Across Several Products Cisco Patches 35 Vulnerabilities Across Several Products Security Week News
Beyond the Black Box: Building Trust and Governance in the Age of AI Beyond the Black Box: Building Trust and Governance in the Age of AI Security Week News
‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT Security Week News