CVE-2025-14432

Poly Video - Sensitive Data Might Be Written to Log File

CVSS 8.1 HIGHEPSS 0.3%CWE-532

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Productos afectados

HP Inc · Polycom EagleEye IV HP Inc · Poly EagleEye Cube HP Inc · Poly G7500 HP Inc · Poly Studio A2 HP Inc · Poly Studio E60 HP Inc · Poly Studio E70 HP Inc · Poly Studio G62 HP Inc · Poly Studio USB HP Inc · Poly Studio X30 HP Inc · Poly Studio X32 HP Inc · Poly Studio X50 HP Inc · Poly Studio X52 HP Inc · Poly Studio X70 HP Inc · Poly Studio X72 HP Inc · TC10 HP Inc · TC8

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080