JVNVU#97907980: Security Update for Trend Micro Trend Vision One (April 2025)

Overview

Trend Micro Incorporated has released the security update for the administration console of Trend Vision One.

Products Affected

The administration console of Trend Vision One

Description

Trend Micro Incorporated has released the security update for the administration console of Trend Vision One.
This update addressed the following vulnerabilities:

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286

Impact

User account's role may be changed and privileges may be escalated (CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285)
Arbitrary code may be executed by a malicious user (CVE-2025-31286)

Solution

Each issue has been addressed on the backend service and no user action is required.

Vendor Status

Vendor	Link
Trend Micro Incorporated	INFORMATIONAL BULLETIN (No Customer Action Required): Trend Vision One Broken Access Control and HTML Injection

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#97907980 Security Update for Trend Micro Trend Vision One (April 2025)