CVE-2025-3722

NONE EPSS 5.1%

Published Jun 26, 20251y ago · Modified Jun 17, 20261w ago

0.0 CVSS 4.0

Low

Published Jun 26, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

CVSS Details

Base Score

0.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Local

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

5.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

Vendor	Product	Version	Range
trellix	system_information_reporter	*	≤1.0.3

References 1

thrive.trellix.com https://thrive.trellix.com/s/article/000014635

Permissions Required

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.