{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-11531","assignerOrgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","state":"PUBLISHED","assignerShortName":"hp","dateReserved":"2025-10-08T19:07:15.960Z","datePublished":"2025-12-09T18:29:51.181Z","dateUpdated":"2025-12-09T19:26:04.775Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"HP System Event Utility","vendor":"HP Inc","versions":[{"lessThan":"3.2.12","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"Omen Gaming Hub","vendor":"HP Inc","versions":[{"lessThan":"1101.2511.101.0","status":"affected","version":"0","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:hp_inc:hp_system_event_utility:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.12","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:a:hp_inc:omen_gaming_hub:*:*:*:*:*:*:*:*","versionEndExcluding":"1101.2511.101.0","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HP System Event Utility and Omen Gaming Hub might allow execution of \ncertain files outside of their restricted paths. This\n               potential vulnerability was remediated with HP System \nEvent Utility version 3.2.12 and Omen Gaming Hub version \n1101.2511.101.0."}],"value":"HP System Event Utility and Omen Gaming Hub might allow execution of \ncertain files outside of their restricted paths. This\n               potential vulnerability was remediated with HP System \nEvent Utility version 3.2.12 and Omen Gaming Hub version \n1101.2511.101.0."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":4.8,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"74586083-13ce-40fd-b46a-8e5d23cfbcb2","shortName":"hp","dateUpdated":"2025-12-09T18:29:51.181Z"},"references":[{"url":"https://support.hp.com/us-en/document/ish_13537533-13537555-16/hpsbgn04079"}],"source":{"discovery":"UNKNOWN"},"title":"HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-09T19:25:57.896127Z","id":"CVE-2025-11531","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-09T19:26:04.775Z"}}]}}