CVE-2021-25250

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) OfficeScan XG SP1 (affected versions not specified)

Description The issue is related to improper access control in a sensitive file, which could allow a local attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue.

Recommendations For Trend Micro Apex One, consider restricting access to sensitive files until a patch is available. For Trend Micro Apex One as a Service, consider implementing additional security controls to prevent low-privileged code execution. For OfficeScan XG SP1, consider disabling any features that may allow privilege escalation until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this issue.