CVE-2025-31282
First published: Wed Apr 02 2025(Updated: )
A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Vision One |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-31282?
CVE-2025-31282 is classified as a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2025-31282?
To fix CVE-2025-31282, ensure that you have installed the latest updates provided by Trend Micro for the Vision One product.
What type of vulnerability is CVE-2025-31282?
CVE-2025-31282 is a broken access control vulnerability that can allow unauthorized privilege escalation.
Which product is affected by CVE-2025-31282?
CVE-2025-31282 affects the Trend Micro Vision One product.
What potential impact does CVE-2025-31282 have on an organization?
CVE-2025-31282 can lead to unauthorized changes in user roles and privileges, compromising system security.
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/type
- agent/description
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/source
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/trend micro
- canonical/trend micro vision one