CVE-2025-43491

EPSS 0.07%
Veröffentlicht 09.09.2025 20:29:47
Zuletzt bearbeitet 16.01.2026 16:36:19
Quelle hp-security-alert@hp.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hp ≫ Poly Lens Desktop Version < 2.3

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.215

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
hp-security-alert@hp.com	7.3	0	0	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-99 Improper Control of Resource Identifiers ('Resource Injection')

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

https://support.hp.com/us-en/document/ish_12979589-12979615-16/hpsbpy04048

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-43491

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-43491

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-43491

EUVD