CVE-2025-14432

Summary

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

Affected Software

VendorProductVersion RangeStatus
HP IncPoly G75000 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio G620 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio X720 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio X520 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio X320 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio X700 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio X500 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio X300 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio E700 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio E600 < <PolyOS 4.6.1-444242affected
HP IncPoly EagleEye Cube0 < <PolyOS 4.6.1-444242affected
HP IncPolycom EagleEye IV0 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio A20 < <PolyOS 4.6.1-444242affected
HP IncPoly Studio USB0 < <PolyOS 4.6.1-444242affected
HP IncTC80 < <TCOS 6.6.1-7001859affected
HP IncTC100 < <TCOS 6.6.1-7001859affected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References