{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-31283","assignerOrgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","state":"PUBLISHED","assignerShortName":"trendmicro","dateReserved":"2025-03-27T17:59:57.531Z","datePublished":"2025-04-02T16:39:12.847Z","dateUpdated":"2026-02-26T18:28:59.175Z"},"containers":{"cna":{"affected":[{"vendor":"Trend Micro, Inc.","product":"Trend Vision One","versions":[{"version":"NA","status":"affected","versionType":"semver","lessThan":"NA"}]}],"descriptions":[{"lang":"en","value":"A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability."}],"providerMetadata":{"orgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","shortName":"trendmicro","dateUpdated":"2025-04-07T13:42:31.952Z"},"references":[{"url":"https://success.trendmicro.com/en-US/solution/KA-0019386"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":4.6,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"}}],"problemTypes":[{"descriptions":[{"description":"CWE-269: Improper Privilege Mangement","lang":"en-US","type":"CWE","cweId":"CWE-269"}]}],"tags":["exclusively-hosted-service"],"credits":[{"lang":"en","value":"Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd","type":"finder"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-31283","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-04-04T03:55:24.894641Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T18:28:59.175Z"}}]}}