Subj : Trend Micro patches several worrying security flaws, so update no To : All From : TechnologyDaily Date : Fri Jun 13 2025 13:30:08 Trend Micro patches several worrying security flaws, so update now Date: Fri, 13 Jun 2025 12:16:00 +0000 Description: Half a dozen flaws across different Trend Micro products were addressed, despite not being abused in the wild. FULL STORY ======================================================================Trend Micro patches multiple high- and critical-severity flaws The issues were found in Apex Central and Endpoint Encryption PolicyServer There are no workarounds or mitigations Trend Micro has fixed a handful of critical-severity vulnerabilities it recently discovered in a pair of enterprise-level tools. In security advisories, the company said it fixed six remote code execution, and authentication bypass vulnerabilities, in Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Apex Central is a webbased centralized management console designed for IT and security teams in midsized to enterprise organizations using Trend Micros security products across endpoints , servers, email, and network. Endpoint Encryption PolicyServer, on the other hand, is a central management server used to manage encryption policies across devices. Users can handle authentication, key management, real-time policy synchronization and auditing, and are allowed remote commands such as locking, resetting or wiping lost or stolen endpoints. No evidence of abuse The vulnerabilities fixed with the most recent patches are listed below: CVE-2025-49212 CVE-2025-49213 CVE-2025-49216 CVE-2025-49217 CVE-2025-49219 CVE-2025-49212 All of these are deemed either high-severity, or critical. More details about them can be found on this link . While Trend Micro stresses there is no evidence of abuse in the wild, it still urges its users to apply the fixes and secure their premises as soon as possible. There are no mitigations, or workarounds, and the only way to secure the endpoints is to bring TMEE to version 6.0.0.4013 (Patch 1 Update 6), and for Apex Central, to install the Patch B7007. Just because threat actors did not take advantage of the flaws yet, it doesnt mean they wont. Many hacking groups watch for newly-released patches to try and exploit the vulnerabilities, banking on the fact that many organizations dont rush with installing the fixes. For example, in March 2025, Trend Micro warned about a Windows zero-day vulnerability which has remained unpatched for eight years and has been exploited by 11 nation-state attackers, and countless financially motivated groups. Via BleepingComputer You might also like Microsoft Copilot targeted in first zero-click attack on an AI agent - what you need to know Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/trend-micro-patches-several-worrying-se curity-flaws-so-update-now --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .