Platform: other
Component: trend-vision-one
Fixed in: NA
CVE-2025-31283 describes a broken access control vulnerability in the User Roles component of Trend Vision One. The flaw could allow a malicious administrator to create users with elevated privileges, potentially compromising the entire system. No affected version range is listed (the "Fixed in" field reads NA) because the fix was applied in the Trend Vision One backend service rather than shipped as a customer-installed update; the issue is currently considered inactive as a result.
The primary impact of CVE-2025-31283 is privilege escalation. A compromised or malicious administrator could create new user accounts and then modify those accounts' roles, granting them access to sensitive data and system functions beyond what that administrator should have been able to delegate. That could lead to data exposure, system manipulation, and denial of service. Because the fix lives in the backend service, there is no customer-side patch that can be missed; the residual risk is the one common to any role-management system, namely an account that already holds administrative rights misusing legitimate role assignment, which is why audit logging of account creation and role changes still matters.
CVE-2025-31283 was publicly disclosed on April 2, 2025. The vulnerability is reported as inactive following the backend service fix. No public proof-of-concept (PoC) code has been released, and the vulnerability is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.13% (33rd percentile)
CISA SSVC:
CVSS Vector:
Although the vulnerability is reported as inactive because of the backend service fix, the mitigation on the customer side is not a patch to apply but a set of access-control practices. Review all user roles and permissions in Trend Vision One and confirm that only the people who need them hold administrator-level roles. Regularly audit user accounts and activity logs, paying particular attention to an administrator creating an account and then raising that account's role shortly afterwards, which is the sequence this flaw enabled. Enable multi-factor authentication (MFA) for administrator accounts so that a stolen administrator credential alone is not enough to abuse role management. Finally, consult the Trend Micro security advisory for CVE-2025-31283 to confirm the vendor's current status for the issue.
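As an added example (not Trend Micro code, and not based on Trend Vision One's actual audit-log format), the following Python script runs the audit-log check described above over a few constructed role-management events. The newline-delimited JSON event schema, the role names and their privilege ranking, and the one-hour correlation window are all assumptions chosen for illustration; adapt them to whatever your platform's audit export actually emits. The script flags an account created directly with an admin-level role, the create-then-escalate sequence by a single actor, and, at lower severity, any other elevation of an existing account to admin level.

```python
"""Hunt for the escalation pattern described for CVE-2025-31283 in a
role-management audit log: an administrator creates an account and then
raises it to an administrator-level role.

The event schema, role names and log lines below are constructed for this
example; they are not Trend Vision One's audit-log format or role names.
"""

import json
from datetime import datetime, timedelta

# Constructed newline-delimited JSON audit events (hypothetical schema).
SAMPLE_LOG = """\
{"ts": "2025-04-02T09:00:00Z", "actor": "alice", "action": "user.create", "target": "svc-backup", "role": "viewer"}
{"ts": "2025-04-02T09:02:30Z", "actor": "alice", "action": "role.update", "target": "svc-backup", "role": "master_admin"}
{"ts": "2025-04-02T10:15:00Z", "actor": "bob", "action": "user.create", "target": "carol", "role": "analyst"}
{"ts": "2025-04-03T11:00:00Z", "actor": "dave", "action": "role.update", "target": "carol", "role": "master_admin"}
{"ts": "2025-04-03T11:30:00Z", "actor": "dave", "action": "role.update", "target": "carol", "role": "analyst"}
{"ts": "2025-04-03T12:00:00Z", "actor": "bob", "action": "user.create", "target": "eve", "role": "master_admin"}
"""

# Hypothetical role ladder, least to most privileged.
ROLE_RANK = {"viewer": 0, "analyst": 1, "admin": 2, "master_admin": 3}
ADMIN_RANK = ROLE_RANK["admin"]
# Creation followed by elevation by the same actor inside this window is
# treated as one deliberate sequence rather than routine onboarding.
DEFAULT_WINDOW_SECONDS = 3600


def parse_events(text):
    """Parse NDJSON audit lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def _alert(rule, severity, ev):
    return {"rule": rule, "severity": severity, "actor": ev["actor"],
            "target": ev["target"], "role": ev["role"], "ts": ev["ts"].isoformat()}


def find_escalations(events, window_seconds=DEFAULT_WINDOW_SECONDS):
    """Return alerts for role assignments that reach admin-level privilege.

    Rules:
      created_with_admin_role - account created already holding an admin-level role (high)
      create_then_escalate    - the actor who created the account elevates it to
                                admin level within window_seconds (high)
      admin_role_granted      - any other elevation of an account to admin level (medium)
    Demotions and lateral moves (rank not increasing) are ignored.
    """
    window = timedelta(seconds=window_seconds)
    alerts = []
    created = {}       # target -> the user.create event for that account
    current_role = {}  # target -> most recently seen role
    for ev in events:
        target, new_role = ev["target"], ev["role"]
        new_rank = ROLE_RANK[new_role]
        if ev["action"] == "user.create":
            created[target] = ev
            current_role[target] = new_role
            if new_rank >= ADMIN_RANK:
                alerts.append(_alert("created_with_admin_role", "high", ev))
        elif ev["action"] == "role.update":
            # Unknown prior role (account predates the log) counts as rank -1.
            old_rank = ROLE_RANK[current_role[target]] if target in current_role else -1
            current_role[target] = new_role
            if new_rank < ADMIN_RANK or new_rank <= old_rank:
                continue
            c = created.get(target)
            if c is not None and c["actor"] == ev["actor"] and ev["ts"] - c["ts"] <= window:
                alerts.append(_alert("create_then_escalate", "high", ev))
            else:
                alerts.append(_alert("admin_role_granted", "medium", ev))
    return alerts


if __name__ == "__main__":
    for alert in find_escalations(parse_events(SAMPLE_LOG)):
        print(alert)
```

Run against the constructed log, this yields three alerts: alice's create-then-escalate of svc-backup (high), dave's elevation of carol (medium, because a different administrator created the account a day earlier), and bob creating eve directly as master_admin (high); carol's later demotion is ignored. The window length is the main tuning knob: too short and a deliberate two-step escalation spread over a coffee break degrades to the medium-severity rule, too long and routine onboarding starts to fire it.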
This issue has already been resolved in the backend service. No action is required on the part of the user.
CVE-2025-31283 is a medium-severity vulnerability in the User Roles component of Trend Vision One that allows privilege escalation through user account and role manipulation. It is currently considered inactive because of a backend service fix.
Trend Vision One customers were potentially affected before the backend fix. No affected version range is published (the field reads NA) because the fix was applied on the vendor's side rather than in a customer-installed release, so there is nothing for you to install; reviewing existing role assignments is still worthwhile.
The vulnerability is reported as fixed in the backend service. Review user roles and permissions, and consult the official Trend Micro advisory for the vendor's guidance.
Currently, there are no confirmed reports of active exploitation of CVE-2025-31283, and no public PoC code has been released.
Refer to the official Trend Micro security advisory for CVE-2025-31283. The specific URL can be found on the Trend Micro website or through security news outlets.