CVE-2025-43489 LOW

CVE-2025-43489: Poly Clariti Manager - Multiple Security Vulnerabilities

Vendor Hp Inc.

Product Poly Clariti Manager

Weakness CWE-502 · Unsafe deserialization

Published July 22, 2025

Last update July 23, 2025

View on NVD All CVEs

CVSS base score

2.0/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addressed the issue in the latest software update.

Key dates

02Disclosure timeline

July 22, 2025 CVE published

July 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-43489 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2024-7433 Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection CVE-2022-41922 yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input CVE-2025-7697 Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function CVE-2025-9260 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read CVE-2023-28782 WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection

Identifiers

CVE CVE-2025-43489

CWE CWE-502

CVSS 2.0 / LOW

Affected versions

Vendor Hp Inc.

Product Poly Clariti Manager

Affected See HP Security Bulletin reference for affected versions.