1. Home
  2. CVE Database
  3. CVE-2025-31284
MEDIUM · 4.6

CVE-2025-31284

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account a...

Vulnerability Description

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
TrendmicroTrend Vision One-

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2025-31284?

CVE-2025-31284 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account a...

How severe is CVE-2025-31284?

CVE-2025-31284 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-31284?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Trend Vision One.