CVE-2025-3771

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3771
A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://thrive.trellix.com/s/article/000014635 Permissions Required
Configurations

Configuration 1 (hide)

cpe:2.3:a:trellix:system_information_reporter:*:*:*:*:*:*:*:*
History

11 Feb 2026, 21:40

Type Values Removed Values Added
References () https://thrive.trellix.com/s/article/000014635 - () https://thrive.trellix.com/s/article/000014635 - Permissions Required
CPE cpe:2.3:a:trellix:system_information_reporter:*:*:*:*:*:*:*:*
First Time Trellix
Trellix system Information Reporter
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.1
Summary
  • (es) Una vulnerabilidad de manipulación de rutas o enlaces simbólicos en SIR 1.0.3 y versiones anteriores permite que un usuario local no administrador autenticado sobrescriba archivos del sistema con archivos de respaldo de SIR, lo que podría provocar un bloqueo del sistema. Esto se lograba añadiendo una entrada maliciosa al registro en la carpeta de registro de Trellix SIR, mediante una política o con un enlace simbólico de unión a archivos a los que el usuario normalmente no tendría acceso.

26 Jun 2025, 12:15

Type Values Removed Values Added
Summary (en) Vulnerability allows local user to write registry backup files into another location set by the user by creating junction symlink in System Information Reporter. (en) A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved by adding a malicious entry to the registry under the Trellix SIR registry folder or via policy or with a junction symbolic link to files that the user would not normally have permission to acces
References
  • {'url': 'https://fireeye.lightning.force.com/lightning/r/Best_Practices__kav/ka0Pi000000EUhNIAW/view', 'source': 'trellixpsirt@trellix.com'}
  • () https://thrive.trellix.com/s/article/000014635 -

26 Jun 2025, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-26 11:15

Updated : 2026-02-11 21:40

NVD link : CVE-2025-3771

Mitre link : CVE-2025-3771

CVE.ORG link : CVE-2025-3771

JSON object : View

Products Affected

trellix

  • system_information_reporter
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')