CVE-2025-43486 MEDIUM

CVE-2025-43486: Poly Clariti Manager - Multiple Security Vulnerabilities

Vendor Hp Inc.
Product Poly Clariti Manager
Weakness CWE-79 · XSS
Published July 22, 2025
Last update July 23, 2025

CVSS base score

5.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

A potential stored cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website allows user input to be stored and rendered without proper sanitization. HP has addressed the issue in the latest software update.

Key dates

02Disclosure timeline

July 22, 2025 CVE published
July 23, 2025 Record updated