CVE-2025-31285

Medium CVSS: 4.6

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges.

Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.

Vendor

Trendmicro

Product

Trend Vision One

CWE

CWE-269

Yayın Tarihi

2025-04-02 17:15:48

Güncelleme

2025-09-02 18:33:05

Source Identifier

security@trendmicro.com

KEV Date Added

Kategoriler

CWE-269 Trend Vision One MEDIUM Trendmicro 2025

Referanslar

https://success.trendmicro.com/en-US/solution/KA-0019386

Benzer Kayıtlar

High

CVE-2025-69259

A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create…

High

CVE-2025-69260

A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-…

Critical

CVE-2025-69258

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an atta…

Critical

CVE-2025-54987

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker…

Critical

CVE-2025-54948

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker…

High

CVE-2025-53378

A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have all…