CVE-2025-3771

Name of the Vulnerable Software and Affected Versions: System Information Reporter versions 1.0.3 and prior

Description: The issue allows a local user to manipulate the location of registry backup files by creating a junction symlink, potentially overwriting system files. This can be achieved by adding a malicious entry to the registry or via policy, which may cause a system crash. An authenticated non-admin local user can exploit this to access files they would not normally have permission to access.

Recommendations: For System Information Reporter versions 1.0.3 and prior, consider restricting access to the registry under the Trellix SIR registry folder to minimize the risk of exploitation. As a temporary workaround, avoid using junction symbolic links in the System Information Reporter until a patch is available. Restrict access to system files that the user would not normally have permission to access to prevent potential overwrites.