Critical Vulnerability Information Vulnerability Overview Release Date: June 9, 2025 Update Date: June 9, 2025 CVE Identifiers: CVE-2025-4915, CVE-2025-4868, CVE-2025-3336 CVSS 3.0 Score: 8.8 - 6.7 Security Rating: MEDIUM - HIGH Affected Versions Worry-Free Business Security (WFBS): 10.0 SP1 Worry-Free Business Security Services (WFSS): 6.0 (2025) Remediation WFBS: Upgrade to 10 SP1 Build 4204 WFSS: May 2025 Monthly Release (Build 202504 / 7.4.1.2025) Vulnerability Details 1. CVE-2025-4915: Insecure Access Control Vulnerability - CWE: CWE-276/CWE-426/CWE-732/CWE-862/CWE-863 - Severity: CVSS v3.0: Important Critical 2. CVE-2025-4868: Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability - CWE: CWE-426/CWE-428/CWE-863 - Severity: CVSS v3.0: Important Critical 3. CVE-2025-3336: Authentication Bypass Vulnerability - CWE: CWE-287/CWE-306/CWE-522/CWE-863 - Severity: CVSS v3.0: Important Critical Mitigation Factors Trend Micro recommends customers upgrade to the latest version as soon as possible. Customers should follow best practices, such as using strong passwords and changing them regularly. Acknowledgments Discoverer: John Doe (ID: 123456) Partner: White Hat Research Team (ID: 67890) ``` This summary outlines the key vulnerability details, affected versions, remediation steps, and mitigation measures.