CVE-2025-43017

HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:hp:thinpro:8.1:sp2::::::
	cpe:2.3:o:hp:thinpro:8.1:sp3::::::
	cpe:2.3:o:hp:thinpro:8.1:sp4::::::
	cpe:2.3:o:hp:thinpro:8.1:sp5::::::
	cpe:2.3:o:hp:thinpro:8.1:sp6::::::
	cpe:2.3:o:hp:thinpro:8.1:sp7::::::

History

21 Jan 2026, 20:21

Type	Values Removed	Values Added
References	~~() https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066 -~~	() https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066 - Vendor Advisory
First Time		Hp Hp thinpro
CPE		cpe:2.3:o:hp:thinpro:8.1:sp6:::::: cpe:2.3:o:hp:thinpro:8.1:sp5:::::: cpe:2.3:o:hp:thinpro:8.1:sp7:::::: cpe:2.3:o:hp:thinpro:8.1:sp3:::::: cpe:2.3:o:hp:thinpro:8.1:sp4:::::: cpe:2.3:o:hp:thinpro:8.1:sp2::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

28 Oct 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-28 21:15

Updated : 2026-01-21 20:21

NVD link : CVE-2025-43017

Mitre link : CVE-2025-43017

CVE.ORG link : CVE-2025-43017

JSON object : View

Products Affected

hp

thinpro

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2025-43017", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-28T21:15:37.793", "references": [{"url": "https://support.hp.com/us-en/document/ish_13164593-13164617-16/hpsbhf04066", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities."}], "lastModified": "2026-01-21T20:21:55.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:thinpro:8.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA354C92-93B8-4683-989F-BEF60F1AC82E"}, {"criteria": "cpe:2.3:o:hp:thinpro:8.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A09690E-88F9-474C-A077-EEC14D8B5E59"}, {"criteria": "cpe:2.3:o:hp:thinpro:8.1:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65D6E120-98D8-413A-91CF-AC5166E6C7E6"}, {"criteria": "cpe:2.3:o:hp:thinpro:8.1:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "261A9B99-8C3C-43B0-9DB9-D8F2A3E83C7B"}, {"criteria": "cpe:2.3:o:hp:thinpro:8.1:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F0E012B-0867-4CF2-9869-4C238D132A59"}, {"criteria": "cpe:2.3:o:hp:thinpro:8.1:sp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6C6148F-662D-4FCA-8F19-6BB1B6B056BE"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}