CVE-2025-14432

Poly Video - Sensitive Data Might Be Written to Log File

CVSS 8.1 HIGHEPSS 0.3%CWE-532

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.1EPSS 0.3%KEV nãoPoC —Patch —

Lifecycle

16 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected products

HP Inc · Polycom EagleEye IV HP Inc · Poly EagleEye Cube HP Inc · Poly G7500 HP Inc · Poly Studio A2 HP Inc · Poly Studio E60 HP Inc · Poly Studio E70 HP Inc · Poly Studio G62 HP Inc · Poly Studio USB HP Inc · Poly Studio X30 HP Inc · Poly Studio X32 HP Inc · Poly Studio X50 HP Inc · Poly Studio X52 HP Inc · Poly Studio X70 HP Inc · Poly Studio X72 HP Inc · TC10 HP Inc · TC8

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080