CVE-2025-14432

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hp:poly_videoos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:poly_eagleeye_cube:-:::::::*
	cpe:2.3:h:hp:poly_eagleeye_iv:-:::::::*
	cpe:2.3:h:hp:poly_studio_a2:-:::::::*
	cpe:2.3:h:hp:poly_studio_e60:-:::::::*
	cpe:2.3:h:hp:poly_studio_e70:-:::::::*
	cpe:2.3:h:hp:poly_studio_g62:-:::::::*
	cpe:2.3:h:hp:poly_studio_g7500:-:::::::*
	cpe:2.3:h:hp:poly_studio_usb:-:::::::*
	cpe:2.3:h:hp:poly_studio_x30:-:::::::*
	cpe:2.3:h:hp:poly_studio_x32:-:::::::*
	cpe:2.3:h:hp:poly_studio_x50:-:::::::*
	cpe:2.3:h:hp:poly_studio_x52:-:::::::*
	cpe:2.3:h:hp:poly_studio_x70:-:::::::*
	cpe:2.3:h:hp:poly_studio_x72:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:hp:poly_tcos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:poly_tc10:-:::::::*
	cpe:2.3:h:hp:poly_tc8:-:::::::*

History

18 Dec 2025, 19:54

Type	Values Removed	Values Added
First Time		Hp poly Studio Usb Hp poly Studio E60 Hp poly Studio X30 Hp poly Studio E70 Hp poly Studio X50 Hp poly Studio X52 Hp poly Studio G62 Hp poly Studio A2 Hp poly Studio X72 Hp poly Videoos Hp poly Studio X70 Hp poly Eagleeye Cube Hp Hp poly Tcos Hp poly Studio G7500 Hp poly Studio X32 Hp poly Tc8 Hp poly Tc10 Hp poly Eagleeye Iv
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.9
References	~~() https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080 -~~	() https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080 - Vendor Advisory
CPE		cpe:2.3:h:hp:poly_studio_g7500:-:::::::* cpe:2.3:h:hp:poly_tc10:-:::::::* cpe:2.3:h:hp:poly_eagleeye_cube:-:::::::* cpe:2.3:h:hp:poly_studio_x72:-:::::::* cpe:2.3:h:hp:poly_studio_g62:-:::::::* cpe:2.3:h:hp:poly_studio_x52:-:::::::* cpe:2.3:h:hp:poly_eagleeye_iv:-:::::::* cpe:2.3:h:hp:poly_studio_x32:-:::::::* cpe:2.3:h:hp:poly_studio_e70:-:::::::* cpe:2.3:h:hp:poly_studio_usb:-:::::::* cpe:2.3:h:hp:poly_studio_x50:-:::::::* cpe:2.3:h:hp:poly_studio_x70:-:::::::* cpe:2.3:h:hp:poly_tc8:-:::::::* cpe:2.3:o:hp:poly_videoos:::::::: cpe:2.3:h:hp:poly_studio_x30:-:::::::* cpe:2.3:o:hp:poly_tcos:::::::: cpe:2.3:h:hp:poly_studio_a2:-:::::::* cpe:2.3:h:hp:poly_studio_e60:-:::::::*

16 Dec 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-16 16:15

Updated : 2025-12-18 19:54

NVD link : CVE-2025-14432

Mitre link : CVE-2025-14432

CVE.ORG link : CVE-2025-14432

JSON object : View

Products Affected

poly_tcos
poly_studio_usb
poly_studio_g62
poly_studio_x32
poly_studio_x70
poly_studio_g7500
poly_videoos
poly_eagleeye_cube
poly_studio_e60
poly_studio_x30
poly_eagleeye_iv
poly_studio_a2
poly_studio_x72
poly_tc10
poly_tc8
poly_studio_x50
poly_studio_e70
poly_studio_x52

CWE

CWE-532

Insertion of Sensitive Information into Log File

4.9 /10