CVE-2025-53378
Published: 10 July 2025
Summary
CVE-2025-53378 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Trendmicro Worry-Free Business Security Services. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 44.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and IA-9 (Service Identification and Authentication).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation directly addresses the missing authentication vulnerability by applying the vendor's monthly maintenance update to patch the affected WFBSS SaaS agent.
Requires identification and authentication mechanisms for system services such as the WFBSS agent, preventing unauthenticated remote control exploitation.
Defines and restricts permitted actions without identification or authentication, mitigating unauthorized remote takeover capabilities in the vulnerable agent.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing auth on agent enables remote takeover when user executes malicious link/file (UI:R trigger).
NVD Description
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of…
more
WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
Deeper analysisAI
CVE-2025-53378 is a missing authentication vulnerability (CWE-306) in the agent component of Trend Micro Worry-Free Business Security Services (WFBSS). It affects only the SaaS client version of WFBSS; the on-premise version of Worry-Free Business Security is not impacted. The vulnerability enables an unauthenticated attacker to remotely take control of the agent on vulnerable installations, with a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H).
An unauthenticated attacker with network access can exploit this vulnerability by tricking a user into performing an action that requires user interaction, such as clicking a malicious link or opening a crafted file. Successful exploitation grants remote control over the affected WFBSS agent, resulting in low confidentiality and integrity impacts alongside high availability disruption, but without scope changes.
According to the Trend Micro advisory (https://success.trendmicro.com/en-US/solution/KA-0019936), the issue was addressed in a WFBSS monthly maintenance update. Customers on the regular SaaS maintenance deployment schedule require no additional action, and the disclosure serves informational purposes only.
Details
- CWE(s)