CVE-2025-53378 · CRITICAL 9.8 · EPSS p46.2%

Description

A missing authentication vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Note that this vulnerability affected only the SaaS client version of WFBSS, meaning the on-premise version of Worry-Free Business Security was not affected, and the issue was addressed in a WFBSS monthly maintenance update. Therefore, no other customer action is required to mitigate it if the WFBSS agents are on the regular SaaS maintenance deployment schedule, and this disclosure is for informational purposes only.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% probability of exploitation · percentile 46.2% · 2026-06-18T12:00:27Z
Published: 2025-07-10
Last modified: 2025-10-03

Underlying weaknesses · 1

CWE-306

References

  1. https://success.trendmicro.com/en-US/solution/KA-0019936

Type · Target · Confidence · Tier
Weakness · Missing Authentication for Critical Function cwe-306 · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · Trend Micro Multiple Products Improper Access Control Vulnerability
CVE · CVE-2025-49216
CVE · Trend Micro Multiple Products Content Validation Escape Vulnerability
CVE · CVE-2025-3709
CVE · CVE-2025-55108
CVE · Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.