CVE-2025-49487

Name of the Vulnerable Software and Affected Versions Trend Micro Worry-Free Business Security Services (WFBSS) SaaS client version (affected versions not specified)

Description The issue is related to an uncontrolled search path vulnerability in the WFBSS agent, which could allow an attacker with physical access to a machine to execute arbitrary code on affected installations. The attacker must have physical access to the target system to exploit this vulnerability, as they need to access a certain hardware component. This vulnerability only affects the SaaS client version of WFBSS, and it has been addressed in a previous monthly maintenance update.

Recommendations For the Trend Micro Worry-Free Business Security Services (WFBSS) SaaS client version, ensure that the WFBSS agents are on the regular SaaS maintenance deployment schedule, as this issue was addressed in a previous update. No other customer action is required to mitigate this issue if the agents are up to date.