{"id":3665,"date":"2025-06-17T07:56:33","date_gmt":"2025-06-17T07:56:33","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=3665"},"modified":"2025-06-17T07:56:34","modified_gmt":"2025-06-17T07:56:34","slug":"critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/","title":{"rendered":"Critical Vulnerabilities Fixed in Trend Micro&#8217;s Apex Central and PolicyServer"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">If you&#8217;re using <strong>Trend Micro Apex Central<\/strong> or <strong>Endpoint Encryption PolicyServer<\/strong>, here&#8217;s some urgent news. Hackers could take full control of your system, no login required.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On June 10th, <a href=\"https:\/\/success.trendmicro.com\/en-US\/solution\/KA-0019928\">Trend Micro released urgent patches<\/a> for ten security flaws, including six unauthenticated remote code execution (RCE) vulnerabilities rated critical with <strong>CVSS scores of 9.8.<\/strong> And Trend Micro just patched ten of them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-these-products\">What Are These Products?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Trend Micro products are widely used in large enterprises, especially in industries that handle sensitive data. That\u2019s why this latest update is a big deal. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>There\u2019s a good chance you&#8217;re using one of these tools:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Trend Micro Apex Central:<\/strong> This is the command centre of your Trend Micro ecosystem. It controls policies, monitors threats, and manages your entire security infrastructure across multiple products.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Trend Micro Endpoint Encryption (TMEE) PolicyServer:<\/strong> This manages full-disk and removable media encryption. It\u2019s the backbone of data protection for laptops, USB drives, and sensitive endpoint devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Both tools are critical in ensuring compliance and preventing data breaches. But ironically, a series of flaws in these very systems opened the door for attackers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-did-trend-micro-patch\">What Did Trend Micro Patch?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-apex-central-two-critical-flaws-patched\">Apex Central: Two Critical Flaws Patched<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Two bugs, tracked <strong>as CVE-2025-49219<\/strong> and <strong>CVE-2025-49220,<\/strong> were found in Apex Central. Both involve insecure deserialization, a common but dangerous coding mistake where user-supplied input is converted into executable code without proper validation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This allows an unauthenticated attacker, literally anyone with access, to remotely execute code in the context of the <strong>NETWORK SERVICE<\/strong> account. That\u2019s powerful enough to begin lateral movement, download malware, or disable parts of your network protection silently. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Both flaws are rated <strong>9.8 <\/strong>on the CVSS scale, which is about as bad as it gets.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-policyserver-eight-vulnerabilities-four-critical\">PolicyServer: Eight Vulnerabilities (Four Critical)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The Endpoint Encryption <strong>PolicyServer<\/strong> had a group of eight flaws, four of which are critical. Here\u2019s a closer look at the big ones:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>CVE-2025-49212 &amp; CVE-2025-49213:<\/strong> These two pre-authentication RCE bugs occur in different classes but have the same underlying issue: deserialization of untrusted data. An attacker can exploit them remotely and gain SYSTEM-level access. No login required.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>CVE-2025-49216:<\/strong> This one\u2019s especially worrying. It\u2019s an authentication bypass flaw. A broken auth implementation in the <strong>DbAppDomain<\/strong> service allows attackers to skip the login process altogether and jump straight into admin-level privileges.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>CVE-2025-49217:<\/strong> Another RCE triggered by unsafe deserialization in the <strong>ValidateToken<\/strong> method. Slightly more complex to exploit, but still lethal if successfully used.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The remaining four flaws include <strong>three<\/strong> <strong>\u201cSQL injection vulnerabilities\u201d<\/strong> that could lead to privilege escalation, and another deserialization issue that allows attackers to move from basic to SYSTEM-level access, as long as they already have a foothold on the machine.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All of these bugs were found and responsibly disclosed via the <strong>Zero Day Initiative (ZDI), <\/strong>a program that rewards researchers for reporting bugs before they\u2019re used maliciously.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-this-is-a-big-deal\">Why This Is a Big Deal?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As of now, no known attacks have used these vulnerabilities and been exploited in the wild. But here\u2019s the thing: it\u2019s not about what\u2019s happened, it\u2019s about what could happen. These flaws don\u2019t require any special access. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">They\u2019re unauthenticated, remote, and affect the very systems you depend on to enforce security policies, protect encryption keys, and monitor threats across your organisation.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"has-normal-font-size wp-block-paragraph\">As <strong>Jason Soroko<\/strong>, senior fellow at Sectigo, put it: \u201cA foothold here means an attacker can disable agents, push malware, and recover recovery keys.\u201d<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">And since PolicyServer often integrates with <strong>Active Directory<\/strong>, a successful breach could give attackers the keys to your entire domain, including domain controllers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-trend-micro-s-fixes-and-what-you-need-to-do-now\">Trend Micro\u2019s Fixes and What You Need to Do Now<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Trend Micro has issued patches and updates, but you need to deploy them manually if you&#8217;re using on-premise deployments. <strong>Here\u2019s how to fix it:<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-for-apex-central\">For Apex Central:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If you\u2019re using the <strong>on-premise version<\/strong>, install <strong>Patch B7007<\/strong> immediately.<\/li>\n\n\n\n<li>If you\u2019re on <strong>Apex Central as a Service<\/strong>, the fixes are already applied on the backend.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-for-policyserver\">For PolicyServer:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Upgrade to version <strong>6.0.0.4013 (Patch 1 Update 6)<\/strong>, which contains all fixes.<\/li>\n\n\n\n<li>No workarounds or mitigations exist; patching is the only option.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-not-just-a-patch-you-also-need-to-do-this\">Not Just a Patch, You Also Need to Do This<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Patching is step one. But here\u2019s what else you should consider doing:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Audit who and what has access to management ports<\/strong>. If an attacker can reach your PolicyServer or Apex Central over the network, they could exploit these bugs. Use firewalls and network segmentation to protect them.<\/li>\n\n\n\n<li><strong>Review logs for abuse patterns.<\/strong> Specifically, look for .NET deserialization errors, unusual config changes, or login bypass attempts.<\/li>\n\n\n\n<li><strong>Check for shared libraries across other Trend Micro tools. <\/strong>Soroko points out that these flaws may stem from a shared codebase, meaning other products might be at risk too.<\/li>\n\n\n\n<li><strong>Run a vulnerability scan across your fleet.<\/strong> Tools like Qualys, Nessus, or even Trend Micro\u2019s own scanners can help identify if unpatched versions are still in your environment.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security vulnerabilities are like cracks in a dam. Everything might look fine until one day, it breaks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This patch from Trend Micro isn&#8217;t just another routine update. It\u2019s a direct response to flaws that could completely compromise your network, data, and user trust. So don\u2019t wait until you&#8217;re trending on Twitter for the wrong reasons. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your encryption system is only as strong as its weakest link, and right now, that link needs urgent attention.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And if manually checking every vulnerability feels like a full-time job, that\u2019s because it is. That\u2019s why we recommend using tools like <a href=\"https:\/\/certera.com\/sitelock\">SiteLock<\/a>, an automated security solution that helps detect and patch vulnerabilities in real-time before attackers can exploit them. Whether it\u2019s RCE, SQL injection, or broken authentication, SiteLock keeps an eye on it all.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you are looking for a <strong>\u201ctechnical advisor\u201d<\/strong> for your organisation, <strong>contact us.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re using Trend Micro Apex Central or Endpoint Encryption PolicyServer, here&#8217;s some urgent news. Hackers could take full control of your system, no login required. On June 10th, Trend Micro released urgent patches for ten security flaws, including six unauthenticated remote code execution (RCE) vulnerabilities rated critical with CVSS scores of 9.8. And Trend<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":5,"featured_media":3666,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3665","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Trend Micro Just Patched 10 Critical Bugs \u2014 Are You Protected?<\/title>\n<meta name=\"description\" content=\"Trend Micro Just Patched 10 Critical Vulnerabilities \u2014 Including 4 That Let Hackers In Without a Password. Checkout now and stay updated!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Trend Micro Just Patched 10 Critical Bugs \u2014 Are You Protected?\" \/>\n<meta property=\"og:description\" content=\"Trend Micro Just Patched 10 Critical Vulnerabilities \u2014 Including 4 That Let Hackers In Without a Password. Checkout now and stay updated!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-17T07:56:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-17T07:56:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/trend-marco-patches.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Monika\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Monika\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/\"},\"author\":{\"name\":\"Monika\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/23a4ec2d4840aefd22b7e330eed3d700\"},\"headline\":\"Critical Vulnerabilities Fixed in Trend Micro&#8217;s Apex Central and PolicyServer\",\"datePublished\":\"2025-06-17T07:56:33+00:00\",\"dateModified\":\"2025-06-17T07:56:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/\"},\"wordCount\":983,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/trend-marco-patches.webp\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/\",\"name\":\"Trend Micro Just Patched 10 Critical Bugs \u2014 Are You Protected?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/trend-marco-patches.webp\",\"datePublished\":\"2025-06-17T07:56:33+00:00\",\"dateModified\":\"2025-06-17T07:56:34+00:00\",\"description\":\"Trend Micro Just Patched 10 Critical Vulnerabilities \u2014 Including 4 That Let Hackers In Without a Password. Checkout now and stay updated!\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/trend-marco-patches.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/trend-marco-patches.webp\",\"width\":960,\"height\":620,\"caption\":\"Trend Micro Fixes Critical Vulnerabilities\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Vulnerabilities Fixed in Trend Micro&#8217;s Apex Central and PolicyServer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/23a4ec2d4840aefd22b7e330eed3d700\",\"name\":\"Monika\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5a245e969fb073cb244286efd12a40f5d56f9a93c0e9e80c6dcd59494f384452?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5a245e969fb073cb244286efd12a40f5d56f9a93c0e9e80c6dcd59494f384452?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/5a245e969fb073cb244286efd12a40f5d56f9a93c0e9e80c6dcd59494f384452?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Monika\"},\"description\":\"Cyber Security Experts!\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/monika\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Trend Micro Just Patched 10 Critical Bugs \u2014 Are You Protected?","description":"Trend Micro Just Patched 10 Critical Vulnerabilities \u2014 Including 4 That Let Hackers In Without a Password. Checkout now and stay updated!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/","og_locale":"en_US","og_type":"article","og_title":"Trend Micro Just Patched 10 Critical Bugs \u2014 Are You Protected?","og_description":"Trend Micro Just Patched 10 Critical Vulnerabilities \u2014 Including 4 That Let Hackers In Without a Password. Checkout now and stay updated!","og_url":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-06-17T07:56:33+00:00","article_modified_time":"2025-06-17T07:56:34+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/trend-marco-patches.webp","type":"image\/jpeg"}],"author":"Monika","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Monika","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/"},"author":{"name":"Monika","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/23a4ec2d4840aefd22b7e330eed3d700"},"headline":"Critical Vulnerabilities Fixed in Trend Micro&#8217;s Apex Central and PolicyServer","datePublished":"2025-06-17T07:56:33+00:00","dateModified":"2025-06-17T07:56:34+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/"},"wordCount":983,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/trend-marco-patches.webp","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/","url":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/","name":"Trend Micro Just Patched 10 Critical Bugs \u2014 Are You Protected?","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/trend-marco-patches.webp","datePublished":"2025-06-17T07:56:33+00:00","dateModified":"2025-06-17T07:56:34+00:00","description":"Trend Micro Just Patched 10 Critical Vulnerabilities \u2014 Including 4 That Let Hackers In Without a Password. Checkout now and stay updated!","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/trend-marco-patches.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/06\/trend-marco-patches.webp","width":960,"height":620,"caption":"Trend Micro Fixes Critical Vulnerabilities"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/critical-vulnerabilities-fixed-in-trend-micros-apex-central-and-policyserver\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical Vulnerabilities Fixed in Trend Micro&#8217;s Apex Central and PolicyServer"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/23a4ec2d4840aefd22b7e330eed3d700","name":"Monika","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5a245e969fb073cb244286efd12a40f5d56f9a93c0e9e80c6dcd59494f384452?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5a245e969fb073cb244286efd12a40f5d56f9a93c0e9e80c6dcd59494f384452?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5a245e969fb073cb244286efd12a40f5d56f9a93c0e9e80c6dcd59494f384452?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Monika"},"description":"Cyber Security Experts!","url":"https:\/\/certera.com\/blog\/author\/monika\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=3665"}],"version-history":[{"count":3,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3665\/revisions"}],"predecessor-version":[{"id":3669,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/3665\/revisions\/3669"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/3666"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=3665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=3665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=3665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}