CVE-2025-14432

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

I

n limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

References

Link	Resource
https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:poly_videoos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:poly_eagleeye_cube:-:::::::*
	cpe:2.3:h:hp:poly_eagleeye_iv:-:::::::*
	cpe:2.3:h:hp:poly_studio_a2:-:::::::*
	cpe:2.3:h:hp:poly_studio_e60:-:::::::*
	cpe:2.3:h:hp:poly_studio_e70:-:::::::*
	cpe:2.3:h:hp:poly_studio_g62:-:::::::*
	cpe:2.3:h:hp:poly_studio_g7500:-:::::::*
	cpe:2.3:h:hp:poly_studio_usb:-:::::::*
	cpe:2.3:h:hp:poly_studio_x30:-:::::::*
	cpe:2.3:h:hp:poly_studio_x32:-:::::::*
	cpe:2.3:h:hp:poly_studio_x50:-:::::::*
	cpe:2.3:h:hp:poly_studio_x52:-:::::::*
	cpe:2.3:h:hp:poly_studio_x70:-:::::::*
	cpe:2.3:h:hp:poly_studio_x72:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:poly_tcos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:poly_tc10:-:::::::*
	cpe:2.3:h:hp:poly_tc8:-:::::::*

History

18 Dec 2025, 19:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-16 16:15

Updated : 2025-12-18 19:54

NVD link : CVE-2025-14432

Mitre link : CVE-2025-14432

CVE.ORG link : CVE-2025-14432

JSON object : View

Products Affected

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2025-14432", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-16T16:15:57.363", "references": [{"url": "https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI."}], "lastModified": "2025-12-18T19:54:18.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:poly_videoos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9236A14B-98A8-413F-BAB1-35AD7D2C4971", "versionEndExcluding": "4.6.1-444242"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:poly_eagleeye_cube:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77DFEDD4-9863-426F-8243-AFBA425F59AC"}, {"criteria": "cpe:2.3:h:hp:poly_eagleeye_iv:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8DDFDBE1-1CA2-4A9E-BEF5-CC1CF32A44F8"}, {"criteria": "cpe:2.3:h:hp:poly_studio_a2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AD75D83-4B2D-44A8-88BA-42A0FD58DCEF"}, {"criteria": "cpe:2.3:h:hp:poly_studio_e60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBFB67C4-AD02-489C-B909-EFB20EE22EF6"}, {"criteria": "cpe:2.3:h:hp:poly_studio_e70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EB25A1B-AC4D-467C-BC1F-B315D3201FBA"}, {"criteria": "cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF7F293C-3F38-40DB-B909-F6E0C32219E0"}, {"criteria": "cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0B27E0D-4C00-42F8-8772-1C0B1D0F64FC"}, {"criteria": "cpe:2.3:h:hp:poly_studio_usb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5E961C8-A34A-40A0-9C54-D77945649ECF"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58648CB8-9564-4EAB-8049-65B048EF8000"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8E24FE0-2C63-4026-88FC-A8772C4FF891"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1424706A-4E51-4513-B962-59E9ABDD71E7"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06C69912-7DB0-4510-884B-3FFF7AC6B1FB"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A94CC22-4C6E-4415-9AB3-E0A3EC7BD672"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x72:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A28EBB9-EC5D-42A2-BFE4-76E079A92B2E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:poly_tcos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF3EC071-9A4E-4ACD-B35C-966163AE063D", "versionEndExcluding": "6.6.1-7001859"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E9083C3-3142-494C-827C-56576ADFCA93"}, {"criteria": "cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F053C475-D941-4D4B-B433-8D67CD9A2C71"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}