Path Traversal in Trellix System Information Reporter

CVE-2025-3722

A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.