CVE-2025-3722

EPSS 0.02%
Veröffentlicht 26.06.2025 11:08:53
Zuletzt bearbeitet 11.02.2026 21:40:42
Quelle trellixpsirt@trellix.com
CVE-Watchlists
Login
Unerledigt
Login

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed  an authenticated high privileged user to issue malicious  ePO post requests to System Information Reporter, leading to creation of  files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trellix ≫ System Information Reporter Version <= 1.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.051

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
trellixpsirt@trellix.com	0	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://thrive.trellix.com/s/article/000014635

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-3722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-3722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-3722

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-3722