Trend Micro has issued security patches to fix multiple serious vulnerabilities in its Apex Central and Endpoint Encryption PolicyServer tools, which could allow attackers to execute code or bypass authentication without needing to log in.
These flaws include several pre-authentication remote code execution (RCE) bugs stemming from insecure deserialization, such as CVE-2025-49212 and CVE-2025-49213, which could let attackers run commands as SYSTEM.
Another flaw, CVE-2025-49216, enables full admin access without any credentials due to broken authentication logic. A fourth RCE bug (CVE-2025-49217), although harder to exploit, still poses a serious risk.
The latest update, version 6.0.0.4013 (Patch 1 Update 6), also resolves four additional high-severity issues, including SQL injection and privilege escalation vulnerabilities. Apex Central, used to centrally manage Trend Micro’s security tools, was also found to contain two critical RCE vulnerabilities (CVE-2025-49219 and CVE-2025-49220), both fixed in Patch B7007.
While no exploitation has been observed in the wild, Trend Micro urges users to apply the updates immediately due to the high risk involved.
Read more...