CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

trellix

system_information_reporter

3 known vulnerabilities · sorted by CVSS score

CVE-2025-3771

HIGH7.1

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces

trellix / system_information_reporter

Local

Published Jun 26, 2025

CVE-2025-3773

MEDIUM5.5

A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.

trellix / system_information_reporter

Local

Published Jun 26, 2025

CVE-2025-3722

MEDIUM4.4

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

trellix / system_information_reporter

Local

Published Jun 26, 2025