Security readout for executives and security teams
Plain-English summary
CVE-2021-43750 is a local crash vulnerability in Adobe Premiere Rush 1.5.16 and earlier. A victim must open a malicious file, and the known impact is application denial-of-service for that user, not data theft or system takeover.
Executive priority
Treat this as a moderate endpoint hygiene issue. It can disrupt users who open malicious files, but the supplied evidence does not show confidentiality impact, integrity impact, remote exploitation, or active exploitation.
Technical view
The issue is a CWE-476 NULL pointer dereference in Adobe Premiere Rush. CVSS 3.1 is 5.5 with local attack vector, low complexity, no privileges, required user interaction, unchanged scope, and high availability impact only.
Likely exposure
Exposure is most likely on workstations where Adobe Premiere Rush is installed, especially creative, marketing, media, or contractor endpoints. Servers and systems without Premiere Rush are not indicated as affected by the provided sources.
Exploitation context
The provided sources say exploitation requires user interaction: the victim must open a malicious file. CISA KEV status is false in the bundle, and no cited source here supports active exploitation.
Researcher notes
The source bundle does not provide exploit details or a named fixed version. Validate asset exposure through installed-version data and use Adobe APSB21-101 as the remediation authority. Avoid overstating impact beyond local application denial-of-service.
Mitigation direction
- Identify managed devices with Adobe Premiere Rush installed.
- Prioritize upgrades or removal for versions 1.5.16 and earlier.
- Follow Adobe APSB21-101 for the supported update path.
- Limit handling of untrusted media files on affected endpoints.
- Use endpoint controls to reduce delivery of suspicious attachments.
Validation and detection
- Check software inventory for Adobe Premiere Rush 1.5.16 and earlier.
- Confirm whether affected endpoints can open untrusted project or media files.
- Verify remediation against Adobe APSB21-101 rather than assuming a fixed version.
- Review helpdesk or crash telemetry for repeated Premiere Rush denial-of-service symptoms.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-476: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2021-43750 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Medium
- CVSS
- 5.5 (3.1)
- Known Exploited
- No
- Published
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H1.83.6Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
5.5MediumVector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.htmlCVE reference · x_refsource_MISC
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
NULL Pointer Dereference
NULL Pointer Dereference represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
