### Critical Vulnerability Information

- **Vulnerability Name**: Trend Micro Endpoint Encryption DeserializeFromBase64String Deserialization of Untrusted Data Remote Code Execution Vulnerability
- **ZDI ID**: ZDI-25-371
- **CVE ID**: CVE-2025-49212
- **CVSS Score**: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- **Affected Vendor**: Trend Micro
- **Affected Product**: Endpoint Encryption

#### Vulnerability Details

- **Description**: This vulnerability allows remote attackers to execute arbitrary code on affected Trend Micro Endpoint Encryption installations. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
- **Specific Issue**: The vulnerability resides in the implementation of the DeserializeFromBase64String method, where insufficient validation of user-supplied data leads to deserialization of untrusted data. Attackers can exploit this vulnerability to execute code in the context of SYSTEM.

#### Additional Details

- **Remediation**: Trend Micro has released an update to fix this vulnerability. For more details, please refer to: https://success.trendmicro.com/en-US/solution/KA-0019928

#### Disclosure Timeline

- **2024-10-11**: Vulnerability reported to vendor
- **2025-06-11**: Coordinated public advisory release
- **2025-06-11**: Advisory updated

#### Acknowledgments

- **Discoverer**: Piotr Bazydlo (@chudypl) of Trend Micro Zero Day Initiative
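
For the deserialization flaw described under Vulnerability Details, the following is an added defensive sketch, not Trend Micro's code and not part of the advisory, of a base64 entry point that authenticates the bytes and binds them to one fixed data type. It assumes .NET 8; the advisory does not name the serializer involved, and `PolicyRequest`, `SafeCodec`, the HMAC key parameter and the size limit are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;
using System.Text.Json.Serialization;

// Hypothetical message type: the only shape this entry point will accept.
public sealed record PolicyRequest(string DeviceId, int PolicyVersion);

public static class SafeCodec
{
    private const int MaxEncodedChars = 64 * 1024; // assumed size limit

    private static readonly JsonSerializerOptions Options = new()
    {
        MaxDepth = 8,
        // Reject JSON members that PolicyRequest does not declare (.NET 8+).
        UnmappedMemberHandling = JsonUnmappedMemberHandling.Disallow
    };

    // Returns null for anything malformed, unauthenticated or off-schema.
    public static PolicyRequest? DeserializeFromBase64String(
        string? encoded, string? macBase64, byte[] key)
    {
        if (encoded is null || macBase64 is null) return null;
        if (encoded.Length > MaxEncodedChars) return null;

        byte[] payload, mac;
        try
        {
            payload = Convert.FromBase64String(encoded);
            mac = Convert.FromBase64String(macBase64);
        }
        catch (FormatException) { return null; }

        // Authenticate the raw bytes before any parser touches them.
        byte[] expected = HMACSHA256.HashData(key, payload);
        if (!CryptographicOperations.FixedTimeEquals(expected, mac)) return null;

        try
        {
            // Data-only format bound to one concrete type: the input cannot
            // name a type to instantiate, unlike type-embedding serializers.
            return JsonSerializer.Deserialize<PolicyRequest>(payload, Options);
        }
        catch (JsonException) { return null; }
    }
}
```

The integrity check is defense in depth only; the property that removes the bug class is that the caller, not the payload, chooses the type being constructed.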