CVE-2025-43017
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-10-30
Assigner: HP Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hp | thinpro | 8.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HP ThinPro 8.1 System management application occurs because the application fails to verify the user's true identity properly. This means that the system management application might incorrectly authenticate users, potentially allowing unauthorized access or actions.
How can this vulnerability impact me? :
The impact of this vulnerability could be significant unauthorized access to system management functions, which may lead to system compromise, data breaches, or disruption of services. Since the vulnerability involves failure to verify user identity, attackers with limited privileges might escalate their access or perform unauthorized operations.
What immediate steps should I take to mitigate this vulnerability?
Apply the update HP ThinPro 8.1 SP8 released by HP, which includes fixes to mitigate this vulnerability.