What is CVE-2021-25251?

CVE-2021-25251 is a code injection vulnerability in Trend Micro Security 2020 and 2021 families of consumer products.

How can an attacker exploit CVE-2021-25251?

To exploit CVE-2021-25251, an attacker must already have administrator privileges on the machine and can disable the program's password protection and disable protection.

Which Trend Micro products are affected by CVE-2021-25251?

Trendmicro Antivirus+ Security 2020, Trendmicro Antivirus+ Security 2021, Trendmicro Internet Security 2020, Trendmicro Internet Security 2021, Trendmicro Maximum Security 2020, Trend Micro Maximum Security, Trendmicro Premium Security 2020, and Trendmicro Premium Security 2021 are affected by CVE-2021-25251.

What is the severity of CVE-2021-25251?

The severity of CVE-2021-25251 is high with a CVSS score of 7.2.

How can I fix CVE-2021-25251?

To fix CVE-2021-25251, update your Trend Micro Security product to the latest version available.

Vulnerability/
CVE-2021-25251

high

7.2

CWE

10/2/2021

3/8/2024

CVE-2021-25251: Code Injection

First published: Wed Feb 10 2021(Updated: )

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.

Credit: security@trendmicro.com

Affected Software	Affected Version	How to fix
Trendmicro Antivirus\+ Security 2020	=16.0
Trendmicro Antivirus\+ Security 2021	=17.0
Trendmicro Internet Security 2020	=16.0
Trendmicro Internet Security 2021	=17.0
Trendmicro Maximum Security 2020	=16.0
Trend Micro Maximum Security	=17.0
Trendmicro Premium Security 2020	=16.0
Trendmicro Premium Security 2021	=17.0
Microsoft Windows

Never miss a vulnerability like this again

Reference Links

https://helpcenter.trendmicro.com/en-us/article/TMKA-10211

Frequently Asked Questions

What is CVE-2021-25251?
CVE-2021-25251 is a code injection vulnerability in Trend Micro Security 2020 and 2021 families of consumer products.
How can an attacker exploit CVE-2021-25251?
To exploit CVE-2021-25251, an attacker must already have administrator privileges on the machine and can disable the program's password protection and disable protection.
Which Trend Micro products are affected by CVE-2021-25251?
Trendmicro Antivirus+ Security 2020, Trendmicro Antivirus+ Security 2021, Trendmicro Internet Security 2020, Trendmicro Internet Security 2021, Trendmicro Maximum Security 2020, Trend Micro Maximum Security, Trendmicro Premium Security 2020, and Trendmicro Premium Security 2021 are affected by CVE-2021-25251.
What is the severity of CVE-2021-25251?
The severity of CVE-2021-25251 is high with a CVSS score of 7.2.
How can I fix CVE-2021-25251?
To fix CVE-2021-25251, update your Trend Micro Security product to the latest version available.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/description
agent/tags
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/trendmicro
canonical/trendmicro antivirus\+ security 2020
version/trendmicro antivirus\+ security 2020/16.0
canonical/trendmicro antivirus\+ security 2021
version/trendmicro antivirus\+ security 2021/17.0
canonical/trendmicro internet security 2020
version/trendmicro internet security 2020/16.0
canonical/trendmicro internet security 2021
version/trendmicro internet security 2021/17.0
canonical/trendmicro maximum security 2020
version/trendmicro maximum security 2020/16.0
canonical/trend micro maximum security
version/trend micro maximum security/17.0
canonical/trendmicro premium security 2020
version/trendmicro premium security 2020/16.0
canonical/trendmicro premium security 2021
version/trendmicro premium security 2021/17.0
vendor/microsoft
canonical/microsoft windows