CVE-2025-53378
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-10-03
Assigner: Trend Micro, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| trendmicro | worry-free_business_security_services | From 6.7.0.0 (inc) to 6.7.3954 (exc) |
| trendmicro | worry-free_business_security_services | From 14.0.0 (inc) to 14.3.1299 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could remotely take control of the WFBSS agent without authentication, potentially leading to unauthorized access and control over the security agent on your system. This could compromise the security of the affected system.
Can you explain this vulnerability to me?
This vulnerability is a missing authentication flaw in the Trend Micro Worry-Free Business Security Services (WFBSS) SaaS client agent. It could allow an unauthenticated attacker to remotely take control of the agent on affected installations.
What immediate steps should I take to mitigate this vulnerability?
Ensure that your Trend Micro Worry-Free Business Security Services (WFBSS) agents are on the regular SaaS maintenance deployment schedule and have applied the monthly maintenance update that addresses this vulnerability. No other customer action is required if the agents are up to date.