CVE-2025-53378
Trend Micro Worry-Free Business Security Missing Authentication Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
This vulnerability allows remote attackers to hijack security agents on affected installations of Trend Micro Worry-Free Business Security. In most cases, user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the agent activation API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to remove protections or create a denial-of-service condition on the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2025-06-27 CVE Reserved
- 2025-07-10 CVE Published
- 2025-07-11 CVE Updated
- 2025-07-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://success.trendmicro.com/en-US/solution/KA-0019936 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trend Micro, Inc. Search vendor "Trend Micro, Inc." | Trend Micro Worry-Free Business Security Services Search vendor "Trend Micro, Inc." for product "Trend Micro Worry-Free Business Security Services" | >= SaaS < 6.7.3954 / 14.3.1299 Search vendor "Trend Micro, Inc." for product "Trend Micro Worry-Free Business Security Services" and version " >= SaaS < 6.7.3954 / 14.3.1299" | en |
Affected
|