Refine your search

2 vulnerabilities found for Trend Vision One by Trend Micro, Inc.

jvndb-2025-010854
Vulnerability from jvndb
Published
2025-08-07 12:25
Modified
2025-08-19 11:36
Severity ?
9.4 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection
Details
Trend Micro Endpoint security products for enterprises contain the following vulnerabilities. <ul><li>OS command injection vulnerability in the management console (CWE-78) - CVE-2025-54948, CVE-2025-54987</li></ul> Trend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observed in the wild. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010854.html",
  "dc:date": "2025-08-19T11:36+09:00",
  "dcterms:issued": "2025-08-07T12:25+09:00",
  "dcterms:modified": "2025-08-19T11:36+09:00",
  "description": "Trend Micro Endpoint security products for enterprises contain the following vulnerabilities.\r\n\u003cul\u003e\u003cli\u003eOS command injection vulnerability in the management console (CWE-78) - CVE-2025-54948, CVE-2025-54987\u003c/li\u003e\u003c/ul\u003e\r\nTrend Micro Incorporated has reported that attacks exploiting CVE-2025-54948 have been observed in the wild.\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-010854.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:trend_micro_apex_one",
      "@product": "Trend Micro Apex One",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:trend_vision_one",
      "@product": "Trend Vision One",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.4",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-010854",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92409854/index.html",
      "@id": "JVNVU#92409854",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-54948",
      "@id": "CVE-2025-54948",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-54987",
      "@id": "CVE-2025-54987",
      "@source": "CVE"
    },
    {
      "#text": "https://www.jpcert.or.jp/english/at/2025/at250016.html",
      "@id": "JPCERT-AT-2025-0016",
      "@source": "JPCERT AT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection"
}

jvndb-2025-004076
Vulnerability from jvndb
Published
2025-04-30 10:38
Modified
2025-04-30 10:38
Summary
Security Update for Trend Micro Trend Vision One (April 2025)
Details
Trend Micro Incorporated has released the security update for the administration console of Trend Vision One. This update addressed the following vulnerabilities: * CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286 Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004076.html",
  "dc:date": "2025-04-30T10:38+09:00",
  "dcterms:issued": "2025-04-30T10:38+09:00",
  "dcterms:modified": "2025-04-30T10:38+09:00",
  "description": "Trend Micro Incorporated has released the security update for the administration console of Trend Vision One.\r\nThis update addressed the following vulnerabilities:\r\n\r\n  * CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285, CVE-2025-31286\r\n\r\nTrend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-004076.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:trend_vision_one",
    "@product": "Trend Vision One",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2025-004076",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU97907980/index.html",
      "@id": "JVNVU#97907980",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31282",
      "@id": "CVE-2025-31282",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31283",
      "@id": "CVE-2025-31283",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31284",
      "@id": "CVE-2025-31284",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31285",
      "@id": "CVE-2025-31285",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-31286",
      "@id": "CVE-2025-31286",
      "@source": "CVE"
    }
  ],
  "title": "Security Update for Trend Micro Trend Vision One (April 2025)"
}