- Multiple micro patches trend defects in high and critical severity
- The problems have been found in central apex and endpoint polishing enclosure
- There is no bypass
Trend Micro has set a handful of critical severity vulnerabilities that he recently discovered in a pair of business level tools.
In the security opinions, the company said it has set six vulnerabilities for remote code bypass and bypassing authentication, in central APEX and Endpoint Encryption (TMEE) police.
APEX Central is a centralized web management console designed for IT and Safety Safety teams in size to business organizations using Trend Micro security products through the ends, servers, e-mails and the network. Endpoint Encryption Policyserver, on the other hand, is a central management server used to manage encryption strategies on devices. Users can manage authentication, keys management, synchronization and audit of policies in real time, and are authorized at remote controls such as locking, reset or wiping of lost or stolen termination points.
No proof of abuse
The vulnerabilities fixed with the most recent fixes are listed below:
CVE-2025-49212
CVE-2025-49213
CVE-2025-49216
CVE-2025-49217
CVE-2025-49219
CVE-2025-49212
All these elements are deemed of high severity or criticism. More details about them can be found on this link.
Although tendency micro-stresses, there is no evidence of abuse in the wild, it always urges its users to apply the fixes and to secure their premises as soon as possible.
There is no attenuation or bypassing solution, and the only way to secure the ending points is to bring TMEE to version 6.0.0.4013 (update of Patch 1), and for Central Apex, to install the Patch B7007.
It is not because the threat actors have not yet taken advantage of the faults, that does not mean that they will not. Many hacking groups monitor newly published fixes to try to exploit vulnerabilities, depending on the fact that many organizations do not rush with the installation of fixes.
For example, in March 2025, Trend Micro warned against a vulnerability of Windows Zero-Day which has remained uncharted for eight years and was operated by 11 attackers of the nation state and countless financially motivated groups.
Via Bleeping Compompute
