Remote Control Vulnerability in Trend Micro Worry-Free Business Security Services Agent
CVE-2025-53378

7.6 HIGH

What is CVE-2025-53378?

A missing authentication issue in the SaaS client version of Trend Micro Worry-Free Business Security Services (WFBSS) could allow an unauthenticated attacker to remotely control the agent on compromised installations. The vulnerability affects only the cloud-hosted version of the software; the on-premises variant is unaffected. The issue has been addressed in a WFBSS monthly maintenance update, and customers whose agents follow the regular SaaS maintenance deployment schedule need to take no additional action. This disclosure is published as a cautionary notice to raise awareness of the risks associated with authentication weaknesses.

Affected Version(s)

Trend Micro Worry-Free Business Security Services SaaS < 6.7.3954 / 14.3.1299

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
