9.8
CVE-2025-53378
- EPSS 0.11%
- Veröffentlicht 10.07.2025 18:58:55
- Zuletzt bearbeitet 03.10.2025 00:46:37
- Quelle security@trendmicro.com
- Teams Watchlist Login
- Unerledigt Login
A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Worry-free Business Security Services SwEditionsaas Version >= 6.7.0.0 < 6.7.3954
Trendmicro ≫ Worry-free Business Security Services SwEditionsaas Version >= 14.0.0 < 14.3.1299
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.307 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@trendmicro.com | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.