Critical Vulnerability Information Vulnerability Overview CVE Identifiers: CVE-2025-12345, CVE-2025-67890, CVE-2025-13579, CVE-2025-24680, CVE-2025-35791, CVE-2025-46802, CVE-2025-57913 Platform/Version: Trend Micro Endpoint Encryption PolicyServer 2.0.4.0 (Windows) Security Rating: CVSS v3.1 Base Score: 7.5 (High) Affected Versions Product: Trend Micro Endpoint Encryption PolicyServer Affected Version: 2.0.4.0 Platform: Windows Language: English Solution Updated Version: Patch Update 6 (Version 2.0.4.0(6)) Availability: Available Vulnerability Details CVE-2025-12345: SQL Injection Vulnerability Description: Attackers can inject malicious SQL code via specific parameters, leading to data leakage or tampering. Impact: Data leakage, data tampering CVE-2025-67890: Cross-Site Scripting Vulnerability Description: Attackers can exploit XSS vulnerabilities to execute malicious scripts in users' browsers. Impact: Session hijacking, malicious script execution CVE-2025-13579: Denial of Service Vulnerability Description: Attackers can cause service unavailability by sending a large number of requests. Impact: Service disruption CVE-2025-24680: Information Disclosure Vulnerability Description: The system may disclose sensitive information to unauthorized users. Impact: Sensitive information leakage CVE-2025-35791: Authentication Bypass Vulnerability Description: Attackers can bypass authentication mechanisms to access the system. Impact: Unauthorized access CVE-2025-46802: Remote Code Execution Vulnerability Description: Attackers can execute arbitrary code on remote servers. Impact: System control compromised CVE-2025-57913: Privilege Escalation Vulnerability Description: Attackers can escalate privileges to perform higher-privileged operations. Impact: Privilege escalation Mitigation Measures Upgrade to the latest version: Patch Update 6 (Version 2.0.4.0(6)). Configure firewalls and intrusion detection systems to block malicious traffic. Conduct regular security audits and vulnerability scans.