Skip to main content

CVE-2025-53378: CWE-306: Missing Authentication for Critical Function in Trend Micro, Inc. Trend Micro Worry-Free Business Security Services

High
VulnerabilityCVE-2025-53378cvecve-2025-53378cwe-306
Published: Thu Jul 10 2025 (07/10/2025, 18:58:55 UTC)
Source: CVE Database V5
Vendor/Project: Trend Micro, Inc.
Product: Trend Micro Worry-Free Business Security Services

Description

A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.

Technical Details

Data Version
5.1
Assigner Short Name
trendmicro
Date Reserved
2025-06-27T14:39:20.760Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68700df3a83201eaaca957c7

Added to database: 7/10/2025, 7:01:07 PM

Last updated: 7/10/2025, 7:01:07 PM

Views: 1

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats