CVE-2025-0858 MEDIUM

CVE-2025-0858: Certain Poly Devices – Path Traversal Vulnerability - Arbitrary File Access by Unauthorized User

Vendor Hp, Inc.
Product Certain Poly Devices
Weakness CWE-35
Published February 5, 2025
Last update March 27, 2025

CVSS base score

5.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.

Key dates

02Disclosure timeline

February 5, 2025 CVE published
March 27, 2025 Record updated