CVE-2025-31285

MEDIUM 4.6

CVSS Score

4.6

EPSS Score

0.0%

EPSS Percentile

0th

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.

Vendor	trend micro, inc.
Product	trend vision one
Published	Apr 2, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for trend micro, inc. trend vision one

Be the first to know when new medium vulnerabilities affecting trend micro, inc. trend vision one are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Trend Micro, Inc. / Trend Vision One

NA < NA

References

NVD ↗ CVE.org ↗ EPSS Data ↗

success.trendmicro.com: https://success.trendmicro.com/en-US/solution/KA-0019386

Credits

Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd