CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Description
A missing authentication vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Note that this vulnerability affected only the SaaS client version of WFBSS; the on-premise version of Worry-Free Business Security was not affected. The issue was addressed in a WFBSS monthly maintenance update, so no other customer action is required to mitigate it if the WFBSS agents are on the regular SaaS maintenance deployment schedule; this disclosure is for informational purposes only.
Analysis
CVE-2025-53378 is a missing authentication vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) SaaS agent that allows an unauthenticated remote attacker to take control of affected agents, although user interaction is required (UI:R in the vector). The vulnerability has a CVSS score of 7.6 (High) and affects only the cloud-based SaaS version of WFBSS, not on-premises deployments. Trend Micro has addressed the issue through a monthly maintenance update; customers on the regular SaaS deployment schedule receive the fix automatically, and no additional customer action is required for remediation.
Technical Context
The vulnerability is classified as CWE-306 (Missing Authentication for Critical Function): the WFBSS SaaS agent fails to authenticate requests before processing critical control operations. The vendor has not published where the missing check sits, but the bypass most likely lies in the agent's communication protocol or in the API endpoints used for remote management and control. The SaaS architecture exposes network-accessible agent-management endpoints that the on-premises product does not, which would explain why only the SaaS client version is affected. An agent that can be taken over without credentials points to missing or improperly implemented authentication in the inter-process communication, API handlers, or remote procedure call (RPC) interfaces used for agent management and policy distribution.
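To make the CWE-306 pattern concrete, here is a constructed illustration that is not Trend Micro's code and says nothing about how the WFBSS agent is actually built: a minimal agent-management command handler in the vulnerable shape (any peer that can reach the listener gets its command executed) next to a hardened version that authenticates each request with an HMAC over a canonical encoding, compares it in constant time, and rejects stale or replayed messages before dispatching. The shared secret, command names and message format are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Placeholder for a per-agent credential that a management service would
# provision out of band (constructed value, not a real key).
AGENT_SECRET = b"constructed-example-secret-do-not-use"

# Operations the agent is willing to perform, keyed by command name (assumed).
# Bodies are stand-ins that return a string instead of acting on the host.
OPERATIONS = {
    "get_status": lambda args: "status:ok",
    "set_policy": lambda args: "policy:" + str(args.get("policy", "default")),
    "uninstall": lambda args: "uninstall:scheduled",
}


def dispatch(command: str, args: dict) -> str:
    if command not in OPERATIONS:
        raise ValueError(f"unknown command {command!r}")
    return OPERATIONS[command](args)


def handle_unauthenticated(request: dict) -> str:
    """The CWE-306 shape: whoever can reach the listener and send a
    well-formed message gets the operation executed. No identity is checked."""
    return dispatch(request["command"], request.get("args", {}))


def canonical_bytes(command: str, args: dict, ts: int, nonce: str) -> bytes:
    """Deterministic encoding so sender and agent authenticate identical bytes."""
    body = {"command": command, "args": args, "ts": ts, "nonce": nonce}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_request(command: str, args: dict, secret: bytes = AGENT_SECRET,
                 ts: Optional[int] = None, nonce: Optional[str] = None) -> dict:
    """What a legitimate management service would send: the command plus a
    timestamp, a fresh nonce and an HMAC-SHA256 over all of them."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(16) if nonce is None else nonce
    mac = hmac.new(secret, canonical_bytes(command, args, ts, nonce), hashlib.sha256).hexdigest()
    return {"command": command, "args": args, "ts": ts, "nonce": nonce, "mac": mac}


class AuthenticatedAgent:
    """Hardened handler: authenticate first, then dispatch."""

    def __init__(self, secret: bytes = AGENT_SECRET, max_skew: int = 300):
        self.secret = secret
        self.max_skew = max_skew   # seconds of clock drift tolerated
        self.seen_nonces = set()   # replay protection inside the time window

    def check(self, request: dict, now: Optional[float] = None) -> Optional[str]:
        """Return a rejection reason, or None if the request is acceptable.
        Does not mutate state, so a request can be re-checked."""
        now = time.time() if now is None else now
        for field in ("command", "ts", "nonce", "mac"):
            if field not in request:
                return f"missing field {field}"
        args = request.get("args", {})
        expected = hmac.new(
            self.secret,
            canonical_bytes(request["command"], args, request["ts"], request["nonce"]),
            hashlib.sha256,
        ).hexdigest()
        # Verify the MAC in constant time before trusting any other field.
        if not hmac.compare_digest(expected, str(request["mac"])):
            return "bad signature"
        if abs(now - request["ts"]) > self.max_skew:
            return "stale request"
        if request["nonce"] in self.seen_nonces:
            return "replayed request"
        return None

    def handle(self, request: dict, now: Optional[float] = None) -> str:
        reason = self.check(request, now)
        if reason is not None:
            raise PermissionError(reason)
        self.seen_nonces.add(request["nonce"])
        return dispatch(request["command"], request.get("args", {}))


if __name__ == "__main__":
    # Constructed sample message: an unsigned "uninstall" from an arbitrary peer.
    unsigned = {"command": "uninstall"}
    print("unauthenticated handler:", handle_unauthenticated(unsigned))
    agent = AuthenticatedAgent()
    print("hardened handler rejects it:", agent.check(unsigned))
    signed = sign_request("set_policy", {"policy": "strict"})
    print("hardened handler, signed request:", agent.handle(signed))
```

The detection-side takeaway is the same for any agent with a management listener: if an operation can be reached without a credential check that precedes dispatch, a firewall or TLS in front of it does not turn it into authentication. A reviewer looking for CWE-306 asks, for each handler, where the identity of the caller is established and what happens to a request that arrives without one.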
Affected Products
Trend Micro Worry-Free Business Security Services (WFBSS), SaaS client version only. The on-premises version of Worry-Free Business Security is explicitly NOT affected. Affected installations are those running WFBSS agent versions prior to the monthly maintenance update that addressed this issue. Specific version numbers for the patched release are not provided in the available disclosure; customers should verify that their deployment is on the current SaaS maintenance release cycle. An approximate CPE string (not an official one) would be: cpe:2.3:a:trendmicro:worry-free_business_security_services:*:*:*:*:saas:*:*:*
Remediation
For SaaS deployments (primary mitigation): no action is required for customers on the standard SaaS deployment schedule, because Trend Micro deploys monthly maintenance updates to the SaaS infrastructure automatically. Verify that WFBSS agents are configured to receive automatic updates from Trend Micro's cloud service.
For organizations with update deferral policies: enable automatic monthly maintenance updates, or manually trigger deployment of the latest WFBSS monthly maintenance release to all agents.
On-premises deployments: no remediation is required, because on-premises Worry-Free Business Security versions are not affected.
Verify your deployment model (SaaS vs. on-premises) in your Trend Micro console, or contact Trend Micro support for specific patch version details and deployment confirmation. Consult Trend Micro's official security advisory for the exact maintenance update version number and any supplementary guidance.
EUVD-2025-21042