1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Trend Micro patches several worrying security flaws, so update no

    From TechnologyDaily@1337:1/100 to All on Fri Jun 13 13:30:08 2025
    Trend Micro patches several worrying security flaws, so update now

    Date:
    Fri, 13 Jun 2025 12:16:00 +0000

    Description:
    Half a dozen flaws across different Trend Micro products were addressed, despite not being abused in the wild.

    FULL STORY ======================================================================Trend Micro patches multiple high- and critical-severity flaws The issues were
    found in Apex Central and Endpoint Encryption PolicyServer There are no workarounds or mitigations

    Trend Micro has fixed a handful of critical-severity vulnerabilities it recently discovered in a pair of enterprise-level tools.

    In security advisories, the company said it fixed six remote code execution, and authentication bypass vulnerabilities, in Apex Central and Endpoint Encryption (TMEE) PolicyServer products.

    Apex Central is a webbased centralized management console designed for IT and security teams in midsized to enterprise organizations using Trend Micros security products across endpoints , servers, email, and network. Endpoint Encryption PolicyServer, on the other hand, is a central management server used to manage encryption policies across devices. Users can handle authentication, key management, real-time policy synchronization and
    auditing, and are allowed remote commands such as locking, resetting or
    wiping lost or stolen endpoints. No evidence of abuse

    The vulnerabilities fixed with the most recent patches are listed below:

    CVE-2025-49212
    CVE-2025-49213
    CVE-2025-49216
    CVE-2025-49217
    CVE-2025-49219
    CVE-2025-49212

    All of these are deemed either high-severity, or critical. More details about them can be found on this link .

    While Trend Micro stresses there is no evidence of abuse in the wild, it
    still urges its users to apply the fixes and secure their premises as soon as possible.

    There are no mitigations, or workarounds, and the only way to secure the endpoints is to bring TMEE to version 6.0.0.4013 (Patch 1 Update 6), and for Apex Central, to install the Patch B7007.

    Just because threat actors did not take advantage of the flaws yet, it doesnt mean they wont. Many hacking groups watch for newly-released patches to try and exploit the vulnerabilities, banking on the fact that many organizations dont rush with installing the fixes.

    For example, in March 2025, Trend Micro warned about a Windows zero-day vulnerability which has remained unpatched for eight years and has been exploited by 11 nation-state attackers, and countless financially motivated groups.

    Via BleepingComputer You might also like Microsoft Copilot targeted in first zero-click attack on an AI agent - what you need to know Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/trend-micro-patches-several-worrying-se curity-flaws-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)