Severity
High
Analysis Summary
CVE-2025-49384 CVSS:7.8
Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2025-49154 CVSS:8.7
An insecure access control vulnerability in Trend Micro Apex One could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations.
CVE-2025-49214 CVSS:8.8
An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.
Impact
- Gain Access
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-49384
CVE-2025-49154
CVE-2025-49214
Affected Vendors
Affected Products
- Trend Micro Apex One as a Service SaaS
- Trend Micro Security 17.8 (Consumer)
- Trend Micro Apex One 2019 (On-prem)
- Trend Micro Endpoint Encryption (TMEE) PolicyServer 6.0.0.4013
Remediation
Refer to Trend Micro Security Advisory for patch, upgrade, or suggested workaround information.