CVE-2025-31284

EPSS 0.03%
Veröffentlicht 02.04.2025 17:15:48
Zuletzt bearbeitet 02.09.2025 18:33:20
Quelle security@trendmicro.com
Teams Watchlist Login
Unerledigt Login

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. 

Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Trend Vision One Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@trendmicro.com	4.6	2.1	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://success.trendmicro.com/en-US/solution/KA-0019386

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-31284

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-31284

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-31284

EUVD