CVE-2025-49487 – Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-49487

11 Jun 2025 — An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free... • https://success.trendmicro.com/en-US/solution/KA-0019936 • CWE-427: Uncontrolled Search Path Element •