CVE-2025-14432 HIGH

CVE-2025-14432: Poly Video - Sensitive Data Might Be Written to Log File

Vendor Hp Inc
Product Poly G7500
Weakness CWE-532 · Sensitive info in logs
Published December 16, 2025
Last update December 17, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

Key dates

02Disclosure timeline

December 16, 2025 CVE published
December 17, 2025 Record updated