- Micro Paths of Multiple High Defects of High and Critical Severity
- The problems were found in Central Apex and Endpoint CIFFRYPTION POLYSERVER
- There are no solutions or mitigations
Trend Micro has fixed a handful of critical severity vulnerabilities that he recently discovered in a couple of business level tools.
In security notices, the company said it set six remote code execution, and the authentication of derivation vulnerabilities, in the products of central and end point policy (TMEE) Apex.
Central Apex is a web -based centralized management console designed for security and safety equipment in medium -sized business organizations that use Trend Micro safety products in final points, servers, email and network. Policserver of final point encryption, on the other hand, is a central administration server used to manage encryption policies on all devices. Users can handle the authentication, key management, synchronization and audit of real -time policies, and are allowed remote commands, such as blocking, restoring or cleaning lost or stolen final points.
There is no evidence of abuse
Vulnerabilities set with the most recent patches are listed below:
CVE-2025-49212
CVE-2025-49213
CVE-2025-49216
CVE-2025-49217
CVE-2025-49219
CVE-2025-49212
All these are considered high severity or critics. You can find more details about them in this link.
While the trend is emphasized, there is no evidence of abuse in nature, it still urges its users to apply the solutions and ensure their facilities as soon as possible.
There are no mitigations, solutions, and the only way to ensure the final points is to take TMEE to version 6.0.0.4013 (Patch 1), and for central Apex, install the B7007 patch.
Just because the threat actors did not take advantage of the defects yet, it does not mean that they will not. Many piracy groups look for recently launched patches to try to exploit vulnerabilities, depositing the fact that many organizations do not rush to install the solutions.
For example, in March 2025, Trend Micro warned about a zero Windows day vulnerability that has remained without blinking for eight years and has been exploited by 11 nation-state attackers and innumerable financial motivation groups.
Through Bleepingcomputer
