CVE-2025-43020
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-10-02
Assigner: HP Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hp | poly_clariti_manager | to 10.12.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential command injection issue in Poly Clariti Manager versions prior to 10.12.2. It allows a privileged user to submit arbitrary input, which could be executed by the system, potentially leading to unauthorized command execution.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a privileged user to execute arbitrary commands on the affected system, potentially leading to unauthorized actions, system compromise, or disruption of services.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Poly Clariti Manager software to version 10.12.2 or later, as HP has addressed the issue in this latest software update.