CVE-2025-3722 in System Information Reporter
Summary
by MITRE • 06/26/2025
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information disclosure.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 02/11/2026
The path traversal vulnerability identified as CVE-2025-3722 affects System Information Reporter version 1.0.3 and earlier implementations, representing a critical security flaw that undermines the integrity and confidentiality of affected systems. This vulnerability specifically targets the file handling mechanisms within the SIR application, which is designed to collect and report system information. The flaw manifests when authenticated users with high privileged access submit malicious ePO post requests that exploit improper input validation and path resolution within the application's file creation processes.
The technical exploitation of this vulnerability stems from inadequate sanitization of user-supplied input parameters within the SIR's web interface. When processing ePO post requests, the application fails to properly validate or sanitize file paths provided by authenticated users, allowing attackers to manipulate the intended file destination through directory traversal sequences such as ../ or ..\. This weakness enables an authenticated attacker to specify arbitrary file paths during file creation operations, bypassing normal access controls and file system boundaries. The vulnerability is classified under CWE-22 Path Traversal as it allows attackers to traverse the file system hierarchy to access or modify files outside of the intended directories.
The operational impact of this vulnerability extends beyond simple file creation capabilities, as it provides attackers with the ability to overwrite existing critical system files, potentially leading to system compromise or denial of service conditions. The vulnerability's severity is amplified by the fact that it requires only an authenticated high privileged user, suggesting that internal threat actors or compromised accounts with elevated privileges could exploit this weakness. Additionally, the potential for sensitive information disclosure arises when attackers can create files in system directories or overwrite configuration files that may contain confidential data, leading to data exfiltration or privilege escalation opportunities.
Organizations utilizing System Information Reporter version 1.0.3 or earlier face significant risk from this vulnerability, particularly in environments where privileged accounts are compromised or where insider threats exist. The attack vector through ePO post requests indicates that this vulnerability may be exploitable through legitimate administrative interfaces, making detection more challenging as malicious activity could appear to originate from legitimate administrative accounts. This vulnerability aligns with ATT&CK technique T1059.001 Command and Scripting Interpreter where attackers may leverage legitimate system interfaces to execute malicious commands. The path traversal mechanism also corresponds to ATT&CK technique T1078 Valid Accounts where compromised privileged accounts can be used to manipulate system files through legitimate interfaces.
Mitigation strategies for CVE-2025-3722 should prioritize immediate patching of affected SIR versions to the latest release that addresses the path traversal vulnerability. Organizations should implement strict input validation and sanitization measures for all user-supplied data within the application, particularly for file path parameters. Network segmentation and access control measures should be enforced to limit the impact of potential exploitation, ensuring that even if an attacker compromises a privileged account, they cannot traverse the entire file system. Additionally, implementing proper file system permissions and monitoring for unusual file creation patterns can help detect exploitation attempts. Regular security audits and penetration testing should be conducted to identify similar vulnerabilities in other system components, while privileged account monitoring should be enhanced to detect anomalous behavior patterns that may indicate exploitation attempts. The vulnerability also underscores the importance of implementing defense-in-depth strategies that include both network-based and host-based security controls to protect against such path traversal attacks.