CVE-2021-25251
moderate-risk
Published 2021-02-10
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
Do I need to act?
-
0.86% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (8)
Antivirus\+ Security 2020
Antivirus\+ Security 2021
Internet Security 2020
Internet Security 2021
Maximum Security 2020
Maximum Security 2021
Premium Security 2020
Premium Security 2021
Affected Vendors
References (2)
Vendor Advisory
https://helpcenter.trendmicro.com/en-us/article/TMKA-10211
Vendor Advisory
https://helpcenter.trendmicro.com/en-us/article/TMKA-10211
43
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
14/34 · Moderate