CVE-2025-3771

High CVSS: 7.2

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces

Vendor

Trellix

Product

System Information Reporter

CWE

CWE-59

Yayın Tarihi

2025-06-26 11:15:29

Güncelleme

2026-02-11 21:40:19

Source Identifier

trellixpsirt@trellix.com

KEV Date Added

Kategoriler

CWE-59 System Information Reporter HIGH Trellix 2025

Referanslar

https://thrive.trellix.com/s/article/000014635

Benzer Kayıtlar

Medium

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the abil…

Medium

CVE-2025-3773

A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authentic…

Medium

CVE-2025-3722

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privi…