CVE-2025-31286 MEDIUM

CVE-2025-31286

Vendor Trend Micro, Inc.
Product Trend Vision One
Weakness CWE-269
Published April 2, 2025
Last update April 7, 2025
View on NVD All CVEs

CVSS base score

4.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

Key dates

02Disclosure timeline

April 2, 2025 CVE published
April 7, 2025 Record updated