CVE-2025-3722

Medium CVSS: 4.4

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

Vendor

Trellix

Product

System Information Reporter

CWE

CWE-22

Yayın Tarihi

2025-06-26 11:15:26

Güncelleme

2026-02-11 21:40:42

Source Identifier

trellixpsirt@trellix.com

KEV Date Added

Kategoriler

CWE-22 System Information Reporter MEDIUM Trellix 2025

Referanslar

https://thrive.trellix.com/s/article/000014635

Benzer Kayıtlar

Medium

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the abil…

Medium

CVE-2025-3773

A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authentic…

High

CVE-2025-3771

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin loc…