CVE-2025-31285
First published: Wed Apr 02 2025(Updated: )
A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Vision One |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-31285?
CVE-2025-31285 is classified as a critical vulnerability due to its potential to allow privilege escalation.
How do I fix CVE-2025-31285?
To mitigate CVE-2025-31285, update Trend Micro Vision One to the latest version as per the vendor's recommendations.
What systems are affected by CVE-2025-31285?
CVE-2025-31285 affects the Trend Micro Vision One software, particularly in components handling user roles.
What is the impact of exploitation of CVE-2025-31285?
Exploitation of CVE-2025-31285 could allow an attacker to escalate privileges by changing user roles.
Is CVE-2025-31285 still a threat?
The threat posed by CVE-2025-31285 has been mitigated but it is important for users to ensure they are running the patched version.
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- agent/type
- agent/references
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/trend micro
- canonical/trend micro vision one