How severe is CVE-2025-49216?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Trend Micro, Inc. Micro Endpoint Encryption Policy Server

CVE-2025-49216

An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.

EPSS: 0.002 (46.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Trend Micro, Inc. Micro Endpoint Encryption Policy Server — versions 6.0

Weakness classification (CWE)

CWE-477

References

success.trendmicro.com/en-US/solution/KA-0019928
www.zerodayinitiative.com/advisories/ZDI-25-373/

Frequently asked questions

What is CVE-2025-49216?: CVE-2025-49216 is a critical-severity vulnerability in Trend Micro, Inc. Micro Endpoint Encryption Policy Server, classified under CWE-477. CVSS score: 9.8/10. Published 2025-06-17.
How severe is CVE-2025-49216?: Critical severity. CVSS v3 base score is 9.8 out of 10.