Broken Access Control in Trend Micro Vision One
CVE-2025-31285

NONE

Key Information:

Vendor
CVE Published:
2 April 2025

Summary

A vulnerability identified in the Trend Micro Vision One Role Name component poses risks related to broken access control. This flaw previously allowed unauthorized users, created by an administrator, to modify user roles and escalate privileges. Fortunately, the Trend Micro team has resolved this issue in the backend service, ensuring that the vulnerability is no longer active.

Affected Version(s)

Trend Vision One NA

References

CVSS V3.1

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd
.