CVE-2021-25252

Name: CVE-2021-25252
Creator: NVD / NIST
Published: 2021-03-03T16:15:13.087+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.56%

Last modified Jun 17, 2026

CVE-2021-25252 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.

Description

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.56%

42.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-400

Affected Software

Vendor	Product	Versions
Trendmicro	Apex Central	2019
Trendmicro	Apex One	2019
Trendmicro	Cloud Edge	5.0
Trendmicro	Apex One	All versions
Trendmicro	Deep Security	10.0
Trendmicro	Deep Security	11.0
Trendmicro	Deep Security	12.0
Trendmicro	Deep Security	20.0
Trendmicro	Control Manager	7.0
Trendmicro	Deep Discovery Analyzer	5.1
Trendmicro	Deep Discovery Email Inspector	2.5
Trendmicro	Deep Discovery Inspector	3.8
Trendmicro	Interscan Messaging Security Virtual Appliance	9.1
Trendmicro	Interscan Web Security Virtual Appliance	6.5
Trendmicro	Officescan	All versions
Trendmicro	Portal Protect	2.6
Trendmicro	Scanmail	14.0
Trendmicro	Scanmail For Ibm Domino	5.8
Trendmicro	Serverprotect For Storage	6.0
Trendmicro	Serverprotect	5.8
Trendmicro	Serverprotect For Network Appliance Filers	5.8
Trendmicro	Safe Lock	1.1
Trendmicro	Worry-Free Business Security	10.1

References

https://success.trendmicro.com/solution/000285675Patch, Vendor Advisory
https://success.trendmicro.com/solution/000285675Patch, Vendor Advisory

Timeline

Published: Mar 3, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-25252?

How severe is CVE-2021-25252?

CVE-2021-25252 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.

How do I fix CVE-2021-25252?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-25252?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST