CVE-2025-0858

A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.

CVSS

No CVSS.

References

Link	Resource
https://support.hp.com/us-en/document/ish_11926124-11926148-16/hpsbpy03996

Configurations

No configuration.

History

27 Mar 2025, 14:15

Type	Values Removed	Values Added
Summary		(es) Se descubrió una vulnerabilidad en las compilaciones de firmware hasta la versión 8.2.1.0820 en los dispositivos Poly Edge E. La falla del firmware no previene adecuadamente Path Traversal y podría provocar la divulgación de información.
Summary	~~(en) A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.~~	(en) A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.

05 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-05 15:15

Updated : 2025-03-27 14:15

NVD link : CVE-2025-0858

Mitre link : CVE-2025-0858

CVE.ORG link : CVE-2025-0858

JSON object : View

Products Affected

No product.

CWE

CWE-35

Path Traversal: '.../...//'

{"id": "CVE-2025-0858", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-05T15:15:21.580", "references": [{"url": "https://support.hp.com/us-en/document/ish_11926124-11926148-16/hpsbpy03996", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "hp-security-alert@hp.com", "description": [{"lang": "en", "value": "CWE-35"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad en las compilaciones de firmware hasta la versi\u00f3n 8.2.1.0820 en los dispositivos Poly Edge E. La falla del firmware no previene adecuadamente Path Traversal y podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-03-27T14:15:21.803", "sourceIdentifier": "hp-security-alert@hp.com"}