CVE-2025-14432

MEDIUM

Microsoft Teams Admin Center - Info Disclosure

Title source: llm

Description

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

References (1)

[Vendor Advisory] https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 14.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

hp/poly_tcos < 6.6.1-7001859

hp/poly_videoos < 4.6.1-444242

Published Dec 16, 2025

Tracked Since Feb 18, 2026