CVE-2025-49487 — Uncontrolled Search Path Element in Micro INC Trend Micro Worry-free Business Security Services

CWE-427 — Uncontrolled Search Path Element3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 61.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro INC Trend Micro Worry-free Business Security Services Trendmicro Worry-free Business Security Services

Timeline

PublishedJun 17

Description

An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to access a certain hardware component. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version…

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDtrendmicro/worry-free_business_security_services6.7.0.0 — 6.7.3954+1

▶CVEListV5trend_micro_inc/trend_micro_worry-free_business_security_servicesSaaS — 6.7.3954 / 14.3.1299

🔴Vulnerability Details

CVEList

CVE-2025-49487: An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with p↗2025-06-17

▶

GHSA

GHSA-42hf-mxxr-h6xr: An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with p↗2025-06-17

▶