Pattern Micro has launched safety updates to handle a number of critical-severity distant code execution and authentication bypass vulnerabilities that influence its Apex Central and Endpoint Encryption (TMEE) PolicyServer merchandise.
The safety vendor underlines that it has seen no proof of lively exploitation within the wild for any of them. Nonetheless, instant software of the safety updates is beneficial to handle the dangers.
Pattern Micro Endpoint Encryption PolicyServer is a central administration server for Pattern Micro Endpoint Encryption (TMEE), offering full disk encryption and detachable media encryption for Home windows-based endpoints.
The product is utilized in enterprise environments in regulated industries the place compliance with information safety requirements is vital.
With the most recent replace, Pattern Micro addressed the next high-severity and significant flaws:
- CVE-2025-49212Â –Â A pre-authentication distant code execution flaw attributable to insecure deserialization within the PolicyValueTableSerializationBinder class. Distant attackers can exploit it to execute arbitrary code as SYSTEM with out requiring login
- CVE-2025-49213Â –Â A pre-authentication distant code execution vulnerability within the PolicyServerWindowsService class, stemming from deserialization of untrusted information. Attackers can run arbitrary code as SYSTEM with no authentication required
- CVE-2025-49216Â –Â An authentication bypass flaw within the DbAppDomain service as a consequence of a damaged auth implementation. Distant attackers can totally bypass login and carry out admin-level actions with out credentials
- CVE-2025-49217Â –Â A pre-authentication RCE vulnerability within the ValidateToken technique, triggered by unsafe deserialization. Whereas barely more durable to take advantage of, it nonetheless permits unauthenticated attackers to run code as SYSTEM
It needs to be famous that whereas Pattern Micro’s safety bulletin for Endpoint Encryption PolicyServer lists all 4 vulnerabilities above as vital, ZDI’s advisory asessed CVE-2025-49217 as being a high-severity vulnerability.
Further points addressed by the most recent model of Endpoint Encryption PolicyServer inlcude 4 extra high-severity vulnerabilities (e.g. SQL injection and privileges escalation points).
All the vulnerabilities had been addressed in model 6.0.0.4013 (Patch 1 Replace 6). The failings influence all variations as much as the most recent, and there are not any mitigations or workarounds for them.
A second set of issues that Pattern Micro addressed impacts Apex Central, a centralized safety administration console used for monitoring, configuring, and managing a number of Pattern Micro merchandise and safety brokers throughout a corporation.
Each points are critical-severity, pre-authentication distant code execution flaws:
- CVE-2025-49219 â A pre-authentication RCE flaw within the GetReportDetailView technique of Apex Central attributable to insecure deserialization. Exploiting this permits unauthenticated attackers to execute code within the context of NETWORK SERVICE. (CVSS 9.8)
- CVE-2025-49220 â A pre-auth RCE in Apex Central within the ConvertFromJson technique. Improper enter validation throughout deserialization lets attackers execute arbitrary code remotely with out authentication. (CVSS 9.8)
The problems had been mounted in Patch B7007 for Apex Central 2019 (on premise), whereas they’re mechanically utilized on backend for Apex Central as a Service.
Patching used to imply complicated scripts, lengthy hours, and infinite hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, cut back overhead, and give attention to strategic work — no complicated scripts required.
