[Japanese]

JVNDB-2025-004076

Security Update for Trend Micro Trend Vision One (April 2025)

Overview

Trend Micro Incorporated has released the security update for the administration console of Trend Vision One.
This update addressed the following vulnerabilities:

* CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Trend Vision One (administration console)

Impact

* User account's role may be changed and privileges may be escalated (CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285)
* Arbitrary code may be executed by a malicious user (CVE-2025-31286)
Solution

Each issue has been addressed on the backend service and no user action is required.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2025-31282
  2. CVE-2025-31283
  3. CVE-2025-31284
  4. CVE-2025-31285
  5. CVE-2025-31286
References

  1. JVN : JVNVU#97907980
Revision History

  • [2025/04/30]
      Web page was published