CVE-2025-3722

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

CVSS

No CVSS.

References

Link	Resource
https://thrive.trellix.com/s/article/000014635

Configurations

No configuration.

History

No history.

Information

Published : 2025-06-26 11:15

Updated : 2025-06-26 18:57

NVD link : CVE-2025-3722

Mitre link : CVE-2025-3722

CVE.ORG link : CVE-2025-3722

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-3722", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 0.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-26T11:15:26.427", "references": [{"url": "https://thrive.trellix.com/s/article/000014635", "source": "trellixpsirt@trellix.com"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "trellixpsirt@trellix.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure."}, {"lang": "es", "value": "Una vulnerabilidad de path traversal en System Information Reporter (SIR) 1.0.3 y anteriores permit\u00eda a un usuario autenticado con privilegios elevados emitir solicitudes POD maliciosas a System Information Reporter, lo que llevaba a la creaci\u00f3n de archivos en cualquier parte del sistema de archivos y posiblemente a sobrescribir archivos existentes y exponer informaci\u00f3n confidencial."}], "lastModified": "2025-06-26T18:57:43.670", "sourceIdentifier": "trellixpsirt@trellix.com"}

CVE-2025-3722

JSON object

Attach tags to CVE-2025-3722

Attach tags to `CVE-2025-3722`