Trendmicro Worry-Free Business Security Services vulnerabilities

5 known vulnerabilities affecting trendmicro/worry-free_business_security_services.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1

CVE-2025-53378CRITICALCVSS 9.8≥ 6.7.0.0, < 6.7.3954≥ 14.0.0, < 14.3.12992025-07-10

CVE-2025-53378 [HIGH] CWE-306 CVE-2025-53378: A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Busines

CVE-2025-49154HIGHCVSS 7.8≥ 6.7.0.0, < 6.7.3954≥ 14.0.0, < 14.3.12992025-06-17

CVE-2025-49154 [HIGH] CWE-284 CVE-2025-49154: An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privil

CVE-2025-49487MEDIUMCVSS 6.8≥ 6.7.0.0, < 6.7.3954≥ 14.0.0, < 14.3.12992025-06-17

CVE-2025-49487 [MEDIUM] CWE-427 CVE-2025-49487: An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services ( An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in order to exploit this vulnerability due to need to ac

CVE-2016-1224MEDIUMCVSS 6.1v5.02016-06-19

CVE-2016-1224 [MEDIUM] CWE-79 CVE-2016-1224: CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.

CVE-2016-1223MEDIUMCVSS 5.3v5.02016-06-19

CVE-2016-1223 [MEDIUM] CWE-22 CVE-2016-1223: Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Serv Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.