CVE-2021-25252

moderate-risk

Published 2021-03-03

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Apex Central

Apex One

Cloud Edge

Apex One

Deep Security

Control Manager

Deep Discovery Analyzer

Deep Discovery Email Inspector

Deep Discovery Inspector

Interscan Messaging Security Virtual Appliance

Interscan Web Security Virtual Appliance

Officescan

Portal Protect

Scanmail

Scanmail For Ibm Domino

Serverprotect For Storage

Serverprotect

Affected Vendors

Trendmicro

References (2)

Patch https://success.trendmicro.com/solution/000285675

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 21/34 · High