CVE-2025-53378

{"id": "CVE-2025-53378", "cveTags": [{"tags": ["exclusively-hosted-service"], "sourceIdentifier": "security@trendmicro.com"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-10T19:15:26.177", "references": [{"url": "https://success.trendmicro.com/en-US/solution/KA-0019936", "tags": ["Vendor Advisory"], "source": "security@trendmicro.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@trendmicro.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations.\r\n\r\nAlso note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only."}, {"lang": "es", "value": "Una vulnerabilidad de falta de autenticaci\u00f3n en el agente de Trend Micro Worry-Free Business Security Services (WFBSS) podr\u00eda haber permitido que un atacante no autenticado tomara el control remoto del agente en las instalaciones afectadas. Cabe destacar que esta vulnerabilidad solo afect\u00f3 a la versi\u00f3n cliente SaaS de WFBSS, lo que significa que la versi\u00f3n local de Worry-Free Business Security no se vio afectada. Este problema se solucion\u00f3 en una actualizaci\u00f3n de mantenimiento mensual de WFBSS. Por lo tanto, no se requiere ninguna otra acci\u00f3n por parte del cliente para mitigarlo si los agentes de WFBSS se encuentran en el programa de implementaci\u00f3n de mantenimiento SaaS habitual. Esta divulgaci\u00f3n es solo para fines informativos."}], "lastModified": "2025-10-03T00:46:37.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security_services:*:*:*:*:saas:*:*:*", "vulnerable": true, "matchCriteriaId": "661DB84A-9A36-4297-9ED9-211C222EEB80", "versionEndExcluding": "6.7.3954", "versionStartIncluding": "6.7.0.0"}, {"criteria": "cpe:2.3:a:trendmicro:worry-free_business_security_services:*:*:*:*:saas:*:*:*", "vulnerable": true, "matchCriteriaId": "0BDE03F7-BC04-48CA-B03B-893489B41F5F", "versionEndExcluding": "14.3.1299", "versionStartIncluding": "14.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@trendmicro.com"}