5 matches found
CVE-2025-31282
Affected software: Trend Vision One (Trend Micro) — Trend Vision One User Account component. Description from connected documents confirms a broken access control flaw that could let an administrator create users who then change the account’s role, enabling privilege escalation. Root cause identi...
CVE-2025-31284
CVE-2025-31284 affects Trend Vision One Status component. The vulnerability was a broken access control that could let an administrator create users who could then change account roles and escalate privileges. Documents indicate the issue has been addressed on the backend service and is no longer...
CVE-2025-31285
The CVE refers to a broken access control issue in Trend Vision One’s Role Name component that could enable an administrator to create users who can change account roles, leading to privilege escalation. The root cause is described as improper access control within that component. Multiple source...
CVE-2025-31286
CVE-2025-31286 refers to an HTML injection vulnerability in Trend Vision One. A malicious user could have caused arbitrary code execution via the affected HTML injection pathway. The issue has been addressed on the backend service and is no longer considered an active vulnerability; no user actio...
CVE-2025-31283
CVE-2025-31283 concerns Trend Micro Trend Vision One, specifically the User Roles component. The issue describes broken access control that could let an administrator create users who can subsequently change their account’s role, enabling privilege escalation. Multiple connected sources confirm t...