CVE-2025-3773

Summary

A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder.

Affected Software

VendorProductVersion RangeStatus
TrellixSystem Information Reporter1.0.3affected

Weaknesses

  • CWE-530: CWE-530: Exposure of Backup File to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References