Trend Micro Endpoint Encryption Deserialization RCE Vulnerability (CVE-2025-49212)

Critical Vulnerability Information Vulnerability Name: Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability ZDI ID: ZDI-25-371 CVE ID: CVE-2025-49212 CVSS Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected Vendor: Trend Micro Affected Product: Endpoint Encryption Vulnerability Details Description: This vulnerability allows remote attackers to execute arbitrary code on affected Trend Micro Endpoint Encryption installations. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. Specific Issue: The vulnerability resides in the implementation of the DeserializeFromBase64String method, where insufficient validation of user-supplied data leads to deserialization of untrusted data. Attackers can exploit this vulnerability to execute code in the context of SYSTEM. Additional Details Remediation: Trend Micro has released an update to fix this vulnerability. For more details, please refer to: https://success.trendmicro.com/en-US/solution/KA-0019928 Disclosure Timeline 2024-10-11: Vulnerability reported to vendor 2025-06-11: Coordinated public advisory release 2025-06-11: Advisory updated Acknowledgments Discoverer: Piotr Bazydlo (@chudypl) of Trend Micro Zero Day Initiative

Goal Reached Thanks to every supporter — we hit 100%!

Trend Micro Endpoint Encryption Deserialization RCE Vulnerability (CVE-2025-49212)