Broken Access Control in Trend Micro Vision One
CVE-2025-31285

4.6MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Vision One
Vendor: CVE Published:; 2 April 2025

Summary

A vulnerability identified in the Trend Micro Vision One Role Name component poses risks related to broken access control. This flaw previously allowed unauthorized users, created by an administrator, to modify user roles and escalate privileges. Fortunately, the Trend Micro team has resolved this issue in the backend service, ensuring that the vulnerability is no longer active.

Affected Version(s)

Trend Vision One NA

References

https://success.trendmicro.com/en-US/solution/KA-0019386

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
Mar 27, 2025

Credit

Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd