CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:poly_videoos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:poly_eagleeye_cube:-:::::::*
	cpe:2.3:h:hp:poly_eagleeye_iv:-:::::::*
	cpe:2.3:h:hp:poly_studio_a2:-:::::::*
	cpe:2.3:h:hp:poly_studio_e60:-:::::::*
	cpe:2.3:h:hp:poly_studio_e70:-:::::::*
	cpe:2.3:h:hp:poly_studio_g62:-:::::::*
	cpe:2.3:h:hp:poly_studio_g7500:-:::::::*
	cpe:2.3:h:hp:poly_studio_usb:-:::::::*
	cpe:2.3:h:hp:poly_studio_x30:-:::::::*
	cpe:2.3:h:hp:poly_studio_x32:-:::::::*
	cpe:2.3:h:hp:poly_studio_x50:-:::::::*
	cpe:2.3:h:hp:poly_studio_x52:-:::::::*
	cpe:2.3:h:hp:poly_studio_x70:-:::::::*
	cpe:2.3:h:hp:poly_studio_x72:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:poly_tcos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:poly_tc10:-:::::::*
	cpe:2.3:h:hp:poly_tc8:-:::::::*

History

No history.

Information

Published : 2025-12-16 16:15

Updated : 2025-12-18 19:54

NVD link : CVE-2025-14432

Mitre link : CVE-2025-14432

CVE.ORG link : CVE-2025-14432

JSON object : View

Products Affected

hp

poly_studio_x52
poly_studio_x70
poly_tc8
poly_studio_usb
poly_eagleeye_cube
poly_studio_g7500
poly_tc10
poly_tcos
poly_studio_x30
poly_studio_x32
poly_studio_x50
poly_studio_e60
poly_studio_a2
poly_eagleeye_iv
poly_studio_e70
poly_studio_g62
poly_studio_x72
poly_videoos

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2025-14432", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-16T16:15:57.363", "references": [{"url": "https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI."}], "lastModified": "2025-12-18T19:54:18.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:poly_videoos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9236A14B-98A8-413F-BAB1-35AD7D2C4971", "versionEndExcluding": "4.6.1-444242"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:poly_eagleeye_cube:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77DFEDD4-9863-426F-8243-AFBA425F59AC"}, {"criteria": "cpe:2.3:h:hp:poly_eagleeye_iv:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8DDFDBE1-1CA2-4A9E-BEF5-CC1CF32A44F8"}, {"criteria": "cpe:2.3:h:hp:poly_studio_a2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7AD75D83-4B2D-44A8-88BA-42A0FD58DCEF"}, {"criteria": "cpe:2.3:h:hp:poly_studio_e60:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DBFB67C4-AD02-489C-B909-EFB20EE22EF6"}, {"criteria": "cpe:2.3:h:hp:poly_studio_e70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EB25A1B-AC4D-467C-BC1F-B315D3201FBA"}, {"criteria": "cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FF7F293C-3F38-40DB-B909-F6E0C32219E0"}, {"criteria": "cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C0B27E0D-4C00-42F8-8772-1C0B1D0F64FC"}, {"criteria": "cpe:2.3:h:hp:poly_studio_usb:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5E961C8-A34A-40A0-9C54-D77945649ECF"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58648CB8-9564-4EAB-8049-65B048EF8000"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B8E24FE0-2C63-4026-88FC-A8772C4FF891"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1424706A-4E51-4513-B962-59E9ABDD71E7"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06C69912-7DB0-4510-884B-3FFF7AC6B1FB"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8A94CC22-4C6E-4415-9AB3-E0A3EC7BD672"}, {"criteria": "cpe:2.3:h:hp:poly_studio_x72:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A28EBB9-EC5D-42A2-BFE4-76E079A92B2E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:poly_tcos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF3EC071-9A4E-4ACD-B35C-966163AE063D", "versionEndExcluding": "6.6.1-7001859"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E9083C3-3142-494C-827C-56576ADFCA93"}, {"criteria": "cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F053C475-D941-4D4B-B433-8D67CD9A2C71"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}