Uncontrolled Search Path Vulnerability in Trend Micro Worry-Free Business Security Services
CVE-2025-49487

6.8MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Worry-free Business Security Services
Vendor: CVE Published:; 17 June 2025

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2025-49487?

An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could allow an attacker with physical access to the affected system to execute arbitrary code. This vulnerability is specific to the SaaS client version of WFBSS and does not impact the on-premise version. The security issue is primarily due to the need for physical access to a specific hardware component. Trend Micro has resolved this issue in prior maintenance updates, requiring no additional action from customers who keep their WFBSS agents updated within the regular SaaS maintenance deployment schedule.

Affected Version(s)

Trend Micro Worry-Free Business Security Services SaaS < 6.7.3954 / 14.3.1299

References

https://success.trendmicro.com/en-US/solution/KA-0019936

https://www.zerodayinitiative.com/advisories/ZDI-25-360/

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 5, 2025