Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Lifecycle Timeline
6DescriptionCVE.org
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations.
Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
AnalysisAI
CVE-2025-53378 is a missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) SaaS agent that allows unauthenticated remote attackers to take control of affected agents with user interaction required. The vulnerability has a CVSS score of 7.6 (High) and affects only the cloud-based SaaS version of WFBSS, not on-premises deployments. Trend Micro has addressed this issue through a monthly maintenance update, and affected customers on the regular SaaS deployment schedule are automatically patched; no additional customer action is required for remediation.
Technical ContextAI
The vulnerability stems from CWE-306 (Missing Authentication for Critical Function), indicating that the WFBSS SaaS agent fails to properly authenticate requests before processing critical control operations. This authentication bypass likely exists in the agent's communication protocol or API endpoints used for remote management and control. The SaaS architecture introduces network-accessible endpoints that are subject to authentication validation in ways that on-premises deployments may not be, explaining why only the SaaS client version is affected. The agent's susceptibility to unauthenticated remote takeover suggests missing or improperly implemented authentication mechanisms in inter-process communication, API handlers, or remote procedure call (RPC) interfaces used for agent management and policy distribution.
RemediationAI
For SaaS Deployments (Primary Mitigation): No action required for customers maintaining standard SaaS deployment schedules—Trend Micro automatically deploys monthly maintenance updates to the SaaS infrastructure. Verify that WFBSS agents are configured to receive automatic updates from Trend Micro's cloud service. For organizations with update deferral policies: Enable automatic monthly maintenance updates or manually trigger deployment of the latest WFBSS monthly maintenance release to all agents. On-Premises Deployments: No remediation required as on-premises Worry-Free Business Security versions are not affected. Verify your deployment model (SaaS vs. on-premises) in your Trend Micro console or contact Trend Micro support for specific patch version details and deployment confirmation. Consult Trend Micro's official security advisory for the exact maintenance update version number and any supplementary guidance.
More in Trend Micro
View allOn the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitr
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote att
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. Rated high severity (C
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS. Rated medium severity (CV
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attac
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url para
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated u
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authent
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21042