Trend Micro has issued patches for ten security vulnerabilities affecting Apex Central and Endpoint Encryption (TMEE) PolicyServer. These include several critical flaws that could allow remote code execution (RCE).
For Apex Central, the update addresses two critical issues tracked as CVE-2025-49219 and CVE-2025-49220. Each carries a CVSS score of 9.8. Although both involve remote code execution through insecure deserialization, they were discovered using different methods, according to the company.
These vulnerabilities could allow an unauthenticated attacker to run arbitrary code on a targeted system by exploiting insecure deserialization processes.
Trend Micro also released updates for eight vulnerabilities in Endpoint Encryption PolicyServer. Among these are four critical flaws and four classified as high severity.
Three of the critical vulnerabilities—CVE-2025-49212, CVE-2025-49213, and CVE-2025-49217—are also tied to insecure deserialization, potentially leading to unauthenticated remote code execution. While these issues are similar, they affect different parts of the system. Trend Micro noted that CVE-2025-49212 is particularly similar to the Apex Central flaw CVE-2025-49220.
The fourth critical vulnerability addressed in Endpoint Encryption PolicyServer is CVE-2025-49216, which also holds a CVSS score of 9.8. This flaw allows an attacker to bypass authentication and access key functions as an administrator, making it possible to alter system configurations.
Among the high-severity flaws fixed, three are SQL injection vulnerabilities that could lead to privilege escalation. The fourth is another case of insecure deserialization that can result in remote code execution. Exploiting any of these four high-severity flaws would require an attacker to first gain the ability to execute code with limited privileges on the target system.
All ten vulnerabilities were reported through the Zero Day Initiative (ZDI). While none have been observed in active exploitation, Trend Micro strongly recommends that users apply the patches without delay.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
