JVNDB-2025-004076

Security Update for Trend Micro Trend Vision One (April 2025)

Trend Micro Incorporated has released the security update for the administration console of Trend Vision One.
This update addressed the following vulnerabilities:

* CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Trend Micro, Inc.

• Trend Vision One (administration console)

* User account's role may be changed and privileges may be escalated (CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285)
* Arbitrary code may be executed by a malicious user (CVE-2025-31286)

Each issue has been addressed on the backend service and no user action is required.

Trend Micro, Inc.

• Trend Micro Incorporated : INFORMATIONAL BULLETIN (No Customer Action Required): Trend Vision One Broken Access Control and HTML Injection

1. CVE-2025-31282
2. CVE-2025-31283
3. CVE-2025-31284
4. CVE-2025-31285
5. CVE-2025-31286

1. JVN : JVNVU#97907980

• [2025/04/30]
    Web page was published