What is CVE-2025-3771?

CVE-2025-3771 is a vulnerability in Trellix System Information Reporter, classified under Improper Link Resolution Before File Access. Published 2025-06-26.

Is CVE-2025-3771 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Trellix System Information Reporter

CVE-2025-3771

A path or symbolic link manipulation vulnerability in SIR 1.0.3 and prior versions allows an authenticated non-admin local user to overwrite system files with SIR backup files, which can potentially cause a system crash. This was achieved…

EPSS: 0.001 (21.8th percentile) — read the EPSS interpretation.

Affected products

Trellix System Information Reporter — versions 1.0.3

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

thrive.trellix.com/s/article/000014635

Frequently asked questions

What is CVE-2025-3771?: CVE-2025-3771 is a vulnerability in Trellix System Information Reporter, classified under Improper Link Resolution Before File Access. Published 2025-06-26.
Is CVE-2025-3771 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.