Sensitive Information Exposure in System Information Reporter by Trellix
CVE-2025-3773

NONE

Key Information:

Vendor: Trellix
Status: System Information Reporter
Vendor: CVE Published:; 26 June 2025

What is CVE-2025-3773?

A vulnerability in versions up to 1.0.3 of System Information Reporter, developed by Trellix, allows authenticated non-admin local users to access sensitive information from a registry backup folder. This exposure could lead to unauthorized data extraction, potentially jeopardizing user privacy and system integrity.

Affected Version(s)

System Information Reporter Windows 1.0.3

References

https://thrive.trellix.com/s/article/000014635

CVSS V4

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2025
Vulnerability Reserved
Apr 17, 2025

Credit

NCIA researchers