CVE-2025-49214
Published: 17 June 2025
Summary
CVE-2025-49214 is a high-severity Use of Obsolete Function (CWE-477) vulnerability in Trend Micro Endpoint Encryption. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 12.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
An insecure deserialization flaw exists in Trend Micro Endpoint Encryption PolicyServer that can be triggered to achieve remote code execution after authentication. The affected component is PolicyServer, and the issue is tracked under CWE-502 and CWE-477.
An attacker who has already obtained low-privileged code execution on the target system can supply a crafted serialized object over the network to escalate to full remote code execution with high impact on confidentiality, integrity, and availability. The vulnerability carries a CVSS 3.1 score of 8.8, reflecting network attack vector, low attack complexity, and low required privileges.
Trend Micro has published solution KA-0019928 addressing the issue, and the Zero Day Initiative has released advisory ZDI-25-371 with additional technical details. The current EPSS score of 0.0325 has shown only minor movement from its recorded peak of 0.0390.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-28284
Vulnerability details
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Penetration testing that supplies malicious serialized objects detects unsafe deserialization and supports corrective action.
- Institutionalized information sharing keeps developers aware of obsolete functions and of the need to replace them with supported alternatives.
- Regular reassessment flags use of obsolete functions whose security properties have degraded or whose replacements contain fixes for known weaknesses.
- Evaluation of untrusted data handling (deserialization testing) reveals unsafe processing, which the required remediation process then addresses.
- Eliminating reliance on functions or components explicitly declared obsolete and unsupported by their maintainers.
- Untrusted serialized data can be deserialized and observed inside a sandbox, blocking gadget-chain exploitation outside it.
- Validating or rejecting untrusted serialized data before deserialization occurs.
- Software and firmware updates replace obsolete functions whose continued presence leaves systems exposed to publicly known weaknesses.
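The "validate or reject before deserialization" control above, shown as an added example that is not code from this advisory or from Trend Micro's product: a deserializer that pre-scans a pickle stream for code-resolving opcodes, refuses any global outside an allow-list, and schema-checks the result. Python is used for illustration only (the page does not state PolicyServer's serialization format), and the policy field names and sample blobs are constructed.

```python
import datetime
import io
import pickle
import pickletools

# Globals a policy blob may legitimately resolve. A pure-data policy needs
# none, so the set is empty; add ("module", "name") pairs only for types the
# protocol really requires. Anything else, including the builtins/os/subprocess
# globals gadget chains depend on, is refused before any object is built.
ALLOWED_GLOBALS = set()

# Opcodes that make the unpickler resolve a global or invoke a callable.
GLOBAL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "REDUCE", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

def references_globals(data: bytes) -> bool:
    """Static pre-scan: does the stream contain any global-resolving opcode?"""
    return any(op.name in GLOBAL_OPCODES for op, _, _ in pickletools.genops(data))

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allow-listed globals (defence in depth)."""
    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refused global {module}.{name}")
        return super().find_class(module, name)

def load_policy(data: bytes) -> dict:
    """Reject, then deserialize, then schema-check a (hypothetical) policy blob."""
    if references_globals(data):
        raise pickle.UnpicklingError("blob references globals; rejected unread")
    obj = RestrictedUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, dict) or set(obj) != {"policy_id", "encrypt_removable"}:
        raise ValueError("policy blob has unexpected shape")
    if type(obj["policy_id"]) is not int or type(obj["encrypt_removable"]) is not bool:
        raise ValueError("policy field has unexpected type")
    return obj

def is_accepted(data: bytes) -> bool:
    """True if the blob passes every check, False if any layer rejects it."""
    try:
        load_policy(data)
        return True
    except (pickle.UnpicklingError, ValueError):
        return False

# Constructed sample blobs (not from the advisory). The second carries a benign
# datetime.date, which pickles via a global reference and so stands in for any
# out-of-schema object a hostile client might send.
GOOD_BLOB = pickle.dumps({"policy_id": 7, "encrypt_removable": True})
BAD_BLOB = pickle.dumps({"policy_id": 7, "created": datetime.date(2025, 6, 17)})
```

The pre-scan rejects the second blob without constructing anything; the allow-list in `find_class` is the fallback if a stream ever reaches the unpickler.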