Trend Micro Apex One and Worry-Free Business Security Insecure Access Control Vulnerability

A vulnerability allowing insecure access control has been identified in Trend Micro Apex One (2019 On-prem and SaaS) and Worry-Free Business Security (WFBS) 10.0 SP1, as well as Worry-Free Business Security Services (WFBSS) version 6.7. This vulnerability could enable a local attacker to overwrite critical memory-mapped files, potentially leading to severe security and stability issues on the affected systems. Exploitation requires the attacker to have the ability to execute low-privileged code on the target machine.

Impact

Successful exploitation could allow a local attacker to overwrite key memory-mapped files, with serious implications for the security and stability of the affected installation.

Remediation

Users of Trend Micro Apex One can update to SP1 CP Build 14002, while those using Worry-Free Business Security should upgrade to WFBS 10 SP1 Patch 2514. For Worry-Free Business Security Services, the May 2025 Monthly Release (6.7.3954 / 14.3.1299) is available. Customers are encouraged to visit the Trend Micro Download Center for prerequisite software before applying these updates.