CVE-2025-43487

A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hp:poly_clariti_manager:*:*:*:*:*:*:*:*

History

02 Oct 2025, 17:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:hp:poly_clariti_manager::::::::
First Time		Hp poly Clariti Manager Hp
References	~~() https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037 -~~	() https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8

25 Jul 2025, 15:29

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una posible escalada de privilegios mediante una vulnerabilidad de Sudo en Poly Clariti Manager para versiones anteriores a la 10.12.2. Esta falla de firmware no implementa correctamente los controles de acceso. HP ha solucionado el problema en la última actualización de software.

23 Jul 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-23 00:15

Updated : 2025-10-02 17:41

NVD link : CVE-2025-43487

Mitre link : CVE-2025-43487

CVE.ORG link : CVE-2025-43487

JSON object : View

Products Affected

hp

poly_clariti_manager

CWE

CWE-250

Execution with Unnecessary Privileges

{"id": "CVE-2025-43487", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV40": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-23T00:15:25.340", "references": [{"url": "https://support.hp.com/us-en/document/ish_12781425-12781447-16/hbsbpy04037", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-250"}]}], "descriptions": [{"lang": "en", "value": "A potential privilege escalation through Sudo vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The firmware flaw does not properly implement access controls. HP has addressed the issue in the latest software update."}, {"lang": "es", "value": "Se ha identificado una posible escalada de privilegios mediante una vulnerabilidad de Sudo en Poly Clariti Manager para versiones anteriores a la 10.12.2. Esta falla de firmware no implementa correctamente los controles de acceso. HP ha solucionado el problema en la \u00faltima actualizaci\u00f3n de software."}], "lastModified": "2025-10-02T17:41:10.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:poly_clariti_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82C289E5-06F3-48F9-8C75-6CCFE4686F5C", "versionEndExcluding": "10.12.2"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}