Vulnerability Description
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Worry-Free Business Security Services | >= 6.7.0.0, < 6.7.3954 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://success.trendmicro.com/en-US/solution/KA-0019936Vendor Advisory
FAQ
What is CVE-2025-53378?
CVE-2025-53378 is a vulnerability with a CVSS score of 7.6 (HIGH). A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affect...
How severe is CVE-2025-53378?
CVE-2025-53378 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-53378?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Worry-Free Business Security Services, Microsoft Windows.