Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

SECURITY BULLETIN: Trend Micro Scan Engine Memory Exhaustion Denial-of-Service Vulnerability

    • Updated:
    • 4 Mar 2021
    • Product/Version:
    • Apex Central All
    • Apex One All
    • Apex One as a Service
    • Cloud Edge All
    • Control Manager All
    • Deep Discovery Analyzer All
    • Deep Discovery Email Inspector All
    • Deep Discovery Inspector All
    • Deep Security All
    • Interscan Messaging Security Virtual Appliance All
    • Interscan Web Security Virtual Appliance All
    • OfficeScan All
    • Portalprotect All
    • Safe Lock All
    • ScanMail for Exchange All
    • Scanmail for IBM Domino All
    • ServerProtect All
    • ServerProtect For EMC Celerra All
    • ServerProtect For Linux All
    • ServerProtect for Network Appliance Filer All
    • ServerProtect For Storage All
    • Worry-Free Business Security Advanced All
    • Worry-Free Business Security Standard All
    • Platform:
Release Date: March 2, 2021
CVE Identifier(s): CVE-2021-25252
Platform(s): Windows, Linux, macOS
CVSS 3.0 Score(s): 3.3 - 5.5 
Severity Rating(s): Low - Medium

Trend Micro has released patches for products that utilize either the Virus Scan API (VSAPI) or Advanced Threat Scan Engine (ATSE) to resolve a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited.


Affected Versions and Solutions

Trend Micro has released the following solutions to address the issue on the affected product versions:

ProductUpdated versionPlatformAvailability
Apex Central2019 CP5534 (On premise)
Apex One2019 CP9167 (On Premise)
SaaS (B2101)

Cloud Edge5.0+ updated via ActiveUpdateApplianceNow
Deep SecurityDS 10.0 U29
DS 11.0 U25
DS 12.0 U15
DS 20.0 LTS Update 2021-01-18
Control Manager7.0 CP 3215WindowsNow
Deep Discovery Analyzer5.1+ updated via ActiveUpdateAllNow
Deep Discovery Email Inspector2.5+ updated via ActiveUpdateAllNow
Deep Discovery Inspector3.8+ updated via ActiveUpdateAllNow
InterScan Messaging Security Virtual Appliance9.1 CP2034Virtual ApplianceNow
InterScan Web Security Virtual Appliance6.5 CP1926Virtual ApplianceNow
OfficeScanXG SP1 CP6040WindowsNow
PortalProtect2.6 CP1045WindowsNow
ScanMail for Exchange14.0 CP3083WindowsNow
ScanMail for IBM Domino5.8 CP1083Windows
ServerProtect for Storage6.0 CP1274WindowsNow
ServerProtect for EMC Celerra5.8 CP1573EMC CelerraNow
ServerProtect for Linux3.0 CP1649LinuxNow
ServerProtect for Windows/Netware5.8 CP1571WindowsNow
ServerProtect for Network Appliance Filers5.8 CP1295NetAppNow
Safe Lock TXOne Edition1.1 CP1042WindowsNow
Worry-Free Business Security10.1 SP1 Patch 2274WindowsNow

These is the minimum versions of the patch and/or build required to address the issue. Trend Micro highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.

Customers are encouraged to visit Trend Micro’s Download Center to obtain the patches and any prerequisite software (such as Service Packs) before applying any of the solutions above.

Vulnerability Details

Trend Micro’s scan engines - Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) – are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Please note that depending on the specific backend platform, the CVSS 3.0 impact scores are different due to the variation of impact via exploit.

  • Linux endpoint products: 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • Windows endpoint products with user-mode engine: 3.3 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • Windows endpoint with kernel mode engine: 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • Gateway products: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • macOS products: 4.0 AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Mitigating Factors

Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.

However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.


Trend Micro would like to thank the following individuals for responsibly disclosing these issues and working with Trend Micro to help protect our customers:

Related Bulletin(s)

The following are related Trend Micro Security Bulletins:
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.