
CVE-2025-43490 – HP Hotkey Support – Escalation of Privilege
https://notcve.org/view.php?id=CVE-2025-43490
15 Aug 2025 — A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. • https://support.hp.com/us-en/document/ish_12893367-12893393-16/hpsbhf04044 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-43018 – Certain HP LaserJet Pro Printers – Potential Information Disclosure
https://notcve.org/view.php?id=CVE-2025-43018
30 Jul 2025 — Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. Algunas impresoras HP LaserJet Pro pueden ser vulnerables a la divulgación de información cuando un usuario no autenticado consulta la libreta de direcciones local de un dispositivo. • https://support.hp.com/us-en/document/ish_12807011-12807034-16/hpsbpi04040 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-43023 – HP Linux Imaging and Printing Software - Use of DSA Key
https://notcve.org/view.php?id=CVE-2025-43023
28 Jul 2025 — A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). Se ha identificado una posible vulnerabilidad de seguridad en HP Linux Imaging and Printing Software documentation. Esta vulnerabilidad se debe al uso de una clave de firma de código débil, el algoritmo de firma digital (DSA). • https://support.hp.com/us-en/document/ish_12804224-12804228-16/hpsbpi04033 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2025-43026 – HP Support Assistant – Potential Escalation of Privilege
https://notcve.org/view.php?id=CVE-2025-43026
05 Jun 2025 — A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. • https://support.hp.com/us-en/document/ish_12617979-12618008-16/hpsbgn04022 • CWE-281: Improper Preservation of Permissions •

CVE-2025-1697 – HP Touchpoint Analytics Service – Potential Escalation of Privilege
https://notcve.org/view.php?id=CVE-2025-1697
18 Apr 2025 — A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability. Se ha identificado una posible vulnerabilidad de seguridad en HP Touchpoint Analytics Service para ciertos productos de PC HP con versiones anteriores a la 4.2.2439. Esta vulnerabilidad podría permit... • https://support.hp.com/us-en/document/ish_12269975-12269997-16/hpsbgn04008 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-26508 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26508
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of p... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-787: Out-of-bounds Write •

CVE-2025-26507 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26507
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows local attackers to escalate privileges on affected installations of HP LaserJet Pro MFP 3301fdw printers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the suidex... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-26506 – Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-26506
14 Feb 2025 — Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP 3301fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of PostScript data. The issue results from the lack of p... • https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-0858 – Certain Poly Devices – Path Traversal Vulnerability - Arbitrary File Access by Unauthorized User
https://notcve.org/view.php?id=CVE-2025-0858
05 Feb 2025 — A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in Poly Edge E devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. • https://support.hp.com/us-en/document/ish_11926124-11926148-16/hpsbpy03996 • CWE-35: Path Traversal: '.../ •

CVE-2025-1003 – HP Anyware Agent for Linux – Potential Authentication Bypass
https://notcve.org/view.php?id=CVE-2025-1003
03 Feb 2025 — A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability. • https://support.hp.com/us-en/document/ish_11920613-11920636-16 • CWE-273: Improper Check for Dropped Privileges •