Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

On June 10, 2025, Trend Micro released fixes for six critical vulnerabilities affecting Apex Central and Endpoint Encryption PolicyServer. Five of the vulnerabilities allow remote code execution (RCE), and one enables authentication bypass. The vulnerabilities were responsibly disclosed by the Zero Day Initiative (ZDI), a vulnerability research organization owned by Trend Micro.

Vulnerabilities

CVE-2025-49219 & CVE-2025-49220: Unauthenticated RCE in Apex Central due to insecure deserialization.

CVE-2025-49216: Authentication bypass in Endpoint Encryption PolicyServer due to improper implementation of an authentication algorithm.

CVE-2025-49213 & CVE-2025-49217: Unauthenticated RCE in Endpoint Encryption PolicyServer due to insecure deserialization.

CVE-2025-49212: RCE in Endpoint Encryption PolicyServer due to insecure deserialization. Requires authentication, but can be chained with CVE-2025-49216 to achieve authentication.

Arctic Wolf has not observed exploitation of these vulnerabilities or identified any publicly available proof-of-concept (PoC) code. Apex Central vulnerabilities have been exploited in the past, as noted in CISA’s Known Exploited Vulnerabilities catalog. Additionally, Endpoint Encryption PolicyServer manages encryption keys and access policies, making it a high-value target for threat actors. Threat actors may reverse engineer the patches in the near future to develop exploits.

Recommendation

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of Apex Central or Endpoint Encryption Policy Server.

Product	Vulnerability	Affected Version (Windows)	Fixed Version (Windows)
Trend Micro Apex Central	CVE-2025-49219 CVE-2025-49220	2019 (On-Prem)	CP B7007
Trend Micro Apex Central as a Service	CVE-2025-49219 CVE-2025-49220	Software-as-a-Service (SaaS)	Automatically applied
Trend Micro Endpoint Encryption (TMEE) PolicyServer	CVE-2025-49212 CVE-2025-49213 CVE-2025-49216 CVE-2025-49217	Versions before 6.0.0.4013	Patch 1 Update 6 for Version 6.0.0.4013

Please follow your organization’s patching and testing guidelines to minimize potential operational impact.

References

Trend Micro Endpoint Encryption PolicyServer Advisory

CVE-2025-49212

CVE-2025-49213

CVE-2025-49216

CVE-2025-49217

Trend Micro Apex Central Advisory

CVE-2025-49219

CVE-2025-49220

Resources

Understand the threat landscape, and how to better defend your organization, with the 2025 Arctic Wolf Threat Report

See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Security Bulletins

Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools

Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

Partners

Company

Careers

Press

Trend Micro Fixes Several Critical Vulnerabilities in Apex Central and Endpoint Encryption PolicyServer

Vulnerabilities

Recommendation

Upgrade to Latest Fixed Version

References

Popular Topics

Share this post:

What to read next

3 min read

Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools

2 min read

Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

4 min read

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

10 min read

CVE-2025-5777: Critical Information Disclosure Vulnerability “Citrix Bleed 2” in Citrix NetScaler ADC and Gateway

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Accessibility Statement

Information Security

Sustainability Statement

Cookies Settings

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347