CVE-2025-43020

CWE-78 — OS Command Injection3 documents3 sources

Severity

5.7MEDIUM

EPSS

0.0%

top 91.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Poly Clariti Manager HP Inc. Poly Clariti Manager

Timeline

PublishedJul 22

Latest updateJul 23

Description

A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Affected Packages2 packages

▶NVDhp/poly_clariti_manager< 10.12.2

▶CVEListV5hp_inc./poly_clariti_managerSee HP Security Bulletin reference for affected versions.

🔴Vulnerability Details

GHSA

GHSA-q28r-vqvg-9cmh: A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10↗2025-07-23

▶

CVEList

Poly Clariti Manager - Multiple Security Vulnerabilities↗2025-07-22

▶