Broken Access Control in Trend Vision One User Account Allows Privilege Escalation
CVE-2025-31282
NONE
Summary
A broken access control vulnerability was identified in the Trend Vision One User Account component. This vulnerability enabled an administrator to create new users who could subsequently alter their account roles, leading to elevated privileges. It's important to note that this issue has been addressed in the backend service and is no longer active, ensuring that systems using Trend Vision One are now more secure against such vulnerabilities.
Affected Version(s)
Trend Vision One NA
References
CVSS V3.1
Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd