Platform: other
Component: trend-vision-one
Fixed in: NA
CVE-2025-31286 describes an HTML injection vulnerability identified in Trend Vision One. This flaw could potentially allow a malicious user to execute arbitrary code, compromising the system's integrity and confidentiality. Affected versions are listed as NA. While the issue has been addressed on the backend service, diligent monitoring and security practices remain crucial.
The HTML injection vulnerability in Trend Vision One allows attackers to inject malicious HTML code into web pages viewed by other users. Successful exploitation could lead to cross-site scripting (XSS) attacks, where attackers can steal user credentials, redirect users to phishing sites, or deface the web application. The potential impact extends to data breaches, unauthorized access to sensitive information, and disruption of services. Although the backend service has been patched, residual risks may exist if configurations are not properly reviewed.
CVE-2025-31286 was publicly disclosed on April 2, 2025. The vulnerability is no longer considered active due to a backend service fix. No public proof-of-concept (POC) exploits have been identified at this time. The vulnerability's severity is currently assessed as MEDIUM.
Exploit Status
EPSS: 0.20% (42nd percentile)
While the backend fix for CVE-2025-31286 has been implemented, proactive security measures are still recommended. Review and strengthen access controls to limit user privileges and restrict access to sensitive areas of the application. Implement robust input validation and output encoding to prevent further HTML injection attempts. Regularly monitor system logs for suspicious activity, such as unusual HTML content or unauthorized access attempts. Consider implementing a Web Application Firewall (WAF) to filter malicious requests.
The vulnerability has been fixed in the backend service. No action is required from the user.
CVE-2025-31286 is a vulnerability allowing malicious HTML code injection in Trend Vision One, potentially enabling code execution. It's rated MEDIUM severity.
If you are using Trend Vision One versions ≤NA, you were potentially affected. However, the backend service has been fixed, so the vulnerability is no longer considered active.
The vulnerability has been addressed on the backend service. Review access controls, monitor logs, and consider a WAF for added protection.
No active exploitation of CVE-2025-31286 has been confirmed at this time.
Refer to the official Trend Micro security advisory for CVE-2025-31286 for detailed information and updates.