{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T11:07:09.550","vulnerabilities":[{"cve":{"id":"CVE-2025-3722","sourceIdentifier":"trellixpsirt@trellix.com","published":"2025-06-26T11:15:26.427","lastModified":"2026-02-11T21:40:42.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed  an authenticated high privileged user to issue malicious  ePO post requests to System Information Reporter, leading to creation of  files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure."},{"lang":"es","value":"Una vulnerabilidad de path traversal en System Information Reporter (SIR) 1.0.3 y anteriores permitía a un usuario autenticado con privilegios elevados emitir solicitudes POD maliciosas a System Information Reporter, lo que llevaba a la creación de archivos en cualquier parte del sistema de archivos y posiblemente a sobrescribir archivos existentes y exponer información confidencial."}],"metrics":{"cvssMetricV40":[{"source":"trellixpsirt@trellix.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":0.0,"baseSeverity":"NONE","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}]},"weaknesses":[{"source":"trellixpsirt@trellix.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trellix:system_information_reporter:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.3","matchCriteriaId":"CCB204E5-A954-45E1-AEB7-B2A9B7D523F7"}]}]}],"references":[{"url":"https://thrive.trellix.com/s/article/000014635","source":"trellixpsirt@trellix.com","tags":["Permissions Required"]}]}}]}