Platform
other
Component
trend-vision-one
Fixed in
NA
CVE-2025-31285 describes a broken access control vulnerability in the Role Name component of Trend Vision One. The flaw allows an administrator to create users and subsequently modify their roles, which can lead to privilege escalation beyond what that administrator should be able to grant. The issue has been addressed on the backend service, and because the fix was applied there rather than shipped as a customer-installed update, no fixed version number is listed (Fixed in: NA). It is nonetheless a useful reminder that role-assignment logic inside a security management platform needs the same rigour as the controls it manages.
The primary impact of CVE-2025-31285 is unauthorized privilege escalation. The precondition is administrator-level access: an attacker who already holds an administrator account, whether a malicious insider or an outsider who has compromised one, could create user accounts and then assign them roles beyond what that administrator should be able to grant. Such accounts could expose sensitive data and configuration settings and, at the highest role levels, yield full control over the Trend Vision One environment. Because the role change bypasses the intended access control checks, it can also be used to establish a second, separately named account with elevated rights, which complicates attribution and cleanup and widens the blast radius of the original compromise. The fix was applied on the backend service, so there is no customer-installed component to patch; the residual risk lies in accounts and role assignments created while the flaw was exploitable, which only an access review will surface.
CVE-2025-31285 was publicly disclosed on April 2, 2025. Because the flaw was fixed on the backend service, it is no longer considered exploitable; the remaining concern is accounts and role assignments that were made before the fix. No public proof-of-concept (PoC) code has been released, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Given that it enables privilege escalation from an administrator account, organizations should still prioritize a review of user accounts and role assignments rather than wait for a patch that will not be shipped.
Exploit Status
EPSS
0.13% (33rd percentile)
CISA SSVC
CVSS Vector
Although the vulnerability has been addressed on the backend service, organizations using Trend Vision One should still review their user access controls and role assignments. Audit existing user accounts and their privileges, paying particular attention to accounts created by an administrator that were subsequently granted a role above the creating administrator's own. Apply the principle of least privilege, granting users only the minimum access needed for their duties, and keep the number of accounts holding the highest administrative role as small as possible. Review and update access control policies regularly as organizational needs and security practices change. Since the fix lives on the backend service there is no update for customers to apply; confirm instead that role assignment now behaves as your access control policy expects, and refer to the vendor advisory for the current status.
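One way to operationalize this review, as an added example that is not Trend Micro's code and does not use the Trend Vision One API: a small Python audit over an exported list of user-management events. The CSV layout, the role names in ROLE_RANK and the sample events are all constructed for this example; a real review would first map the platform's own audit export or user list into these fields. The check flags the exact pattern the CVE describes (an administrator creating an account and then changing its role) and, more generally, any grant of a role ranked above the granting actor's own, then lists which accounts currently hold the highest role.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical role hierarchy for the example; higher rank = more privilege.
# The names are assumed, not a statement of Trend Vision One's actual roles.
ROLE_RANK = {"Viewer": 0, "Operator": 1, "Administrator": 2, "Master Administrator": 3}


@dataclass(frozen=True)
class Event:
    ts: datetime
    actor: str        # account that performed the action
    actor_role: str   # the actor's role at the time
    action: str       # "create_user" or "change_role"
    target: str       # account being created or modified
    role: str         # role assigned to the target by this action


@dataclass(frozen=True)
class Finding:
    ts: datetime
    actor: str
    target: str
    role: str
    reason: str


# Constructed sample log in the hypothetical CSV layout:
# timestamp,actor,actor_role,action,target,role
SAMPLE_LOG = """\
# alice (Administrator) creates bob, then lifts him above her own rank
2025-03-20T09:12:03Z,alice,Administrator,create_user,bob,Viewer
2025-03-20T09:15:41Z,alice,Administrator,change_role,bob,Master Administrator
# carol (Master Administrator) creates dave and later promotes him: within rank, same pattern
2025-03-21T11:02:10Z,carol,Master Administrator,create_user,dave,Operator
2025-03-22T08:30:00Z,carol,Master Administrator,change_role,dave,Administrator
# alice grants a peer-level role to an account she did not create: not flagged
2025-03-23T14:45:12Z,alice,Administrator,change_role,erin,Administrator
"""


def parse_log(text: str) -> list[Event]:
    """Parse the constructed CSV layout into Events, sorted by timestamp."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(",")
        if len(fields) != 6:
            raise ValueError(f"malformed line: {raw!r}")
        ts, actor, actor_role, action, target, role = fields
        if action not in ("create_user", "change_role"):
            raise ValueError(f"unknown action {action!r} in {raw!r}")
        if actor_role not in ROLE_RANK or role not in ROLE_RANK:
            raise ValueError(f"unknown role in {raw!r}")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(when, actor, actor_role, action, target, role))
    return sorted(events, key=lambda e: e.ts)


def find_escalations(events: list[Event]) -> list[Finding]:
    """Flag any grant of a role ranked above the actor's own, and the
    create-then-modify chain (an actor changing the role of an account it created)."""
    created_by: dict[str, str] = {}
    findings: list[Finding] = []
    for e in events:
        if ROLE_RANK[e.role] > ROLE_RANK[e.actor_role]:
            findings.append(Finding(e.ts, e.actor, e.target, e.role, "grant_above_actor_rank"))
        if e.action == "create_user":
            created_by[e.target] = e.actor
        elif created_by.get(e.target) == e.actor:
            findings.append(Finding(e.ts, e.actor, e.target, e.role, "create_then_modify"))
    return findings


def current_roles(events: list[Event]) -> dict[str, str]:
    """Latest role per account, for the least-privilege review."""
    roles: dict[str, str] = {}
    for e in events:
        roles[e.target] = e.role
    return roles


def top_rank_accounts(events: list[Event]) -> list[str]:
    """Accounts currently holding the highest role; this list should stay short."""
    top = max(ROLE_RANK.values())
    return sorted(u for u, r in current_roles(events).items() if ROLE_RANK[r] == top)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for f in find_escalations(evs):
        print(f"{f.ts:%Y-%m-%d %H:%M} {f.reason}: {f.actor} -> {f.target} ({f.role})")
    print("top-rank accounts:", top_rank_accounts(evs))
```

Run against the sample, the script reports alice's promotion of bob twice (above her own rank, and on an account she created), carol's promotion of dave once (within rank, but the same create-then-modify chain, which is worth a look), and nothing for the peer-level grant to erin. The create-then-modify chain is reported even when the rank check passes because the CVE text describes the chain itself, not a specific role threshold.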
This issue has already been addressed on the backend service. No user action is required.
CVE-2025-31285 is a medium-severity broken access control vulnerability in Trend Vision One that allows privilege escalation via role manipulation: an administrator could create users and then modify their roles to gain elevated access.
Because the fix was applied on the backend service, there is no customer-side version to upgrade; any Trend Vision One environment in which accounts or role assignments were created before the fix should have those reviewed.
The vulnerability has been addressed on the backend service and requires no user action; the recommended follow-up is a review of user accounts and role assignments.
The vulnerability is no longer considered active; the residual risk is limited to elevated accounts or role assignments made while it was exploitable.
Refer to the official Trend Micro security advisory for CVE-2025-31285 for detailed information.