CVE-2025-49215

High

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges…

trendmicro·CWE-242·Published 2025-06-17

CVSS

8.8

EPSS

0.00

KEV

Exploits

cve.orgen

307 chars

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

NVDen

307 chars

NVDes

322 chars

Una vulnerabilidad de inyección SQL posterior a la autenticación en Trend Micro Endpoint Encryption PolicyServer podría permitir a un atacante escalar privilegios en las instalaciones afectadas. Nota: Para explotar esta vulnerabilidad, un atacante debe primero ejecutar código con pocos privilegios en el sistema objetivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H