CVE-2025-11531
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: HP Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hp | omen_gaming_hub | 1101.2511.101.0 |
| hp | system_event_utility | 3.2.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update HP System Event Utility to version 3.2.12 or later and Omen Gaming Hub to version 1101.2511.101.0 or later.
Can you explain this vulnerability to me?
This vulnerability involves HP System Event Utility and Omen Gaming Hub potentially allowing execution of certain files outside of their restricted paths, which means unauthorized files could be run. It was fixed in HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0.
How can this vulnerability impact me? :
The vulnerability could allow execution of unauthorized files, potentially leading to security risks such as unauthorized code execution or privilege escalation on affected systems.