CVE-2025-14432

MEDIUM

Microsoft Teams Admin Center - Info Disclosure

Title source: llm

Description

In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration changes made using the provisioning server or the device WebUI.

References (1)

[Vendor Advisory] https://support.hp.com/us-en/document/ish_13612310-13612332-16/hpsbpy04080

Scores

CVSS v3 4.9

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-532

Status published

Affected Products (2)

hp/poly_videoos < 4.6.1-444242

hp/poly_tcos < 6.6.1-7001859

Timeline

Published Dec 16, 2025

Tracked Since Feb 18, 2026