CVE-2025-43491
📋 TL;DR
A vulnerability in Poly Lens Desktop for Windows allows local attackers to modify filesystem permissions, potentially leading to SYSTEM privilege escalation. This affects Windows users running vulnerable versions of Poly Lens Desktop. Attackers need local access to exploit this vulnerability.
💻 Affected Systems
- Poly Lens Desktop
⚠️ Risk & Real-World Impact
Worst Case
Full SYSTEM privilege compromise allowing complete control of the Windows system, installation of malware, credential theft, and lateral movement across the network.
Likely Case
Local privilege escalation from standard user to SYSTEM, enabling persistence mechanisms, disabling security controls, and accessing sensitive system resources.
If Mitigated
Limited impact if proper endpoint security controls, application whitelisting, and least privilege principles are enforced.
🎯 Exploit Status
Requires local access to the system. No public exploit code is currently available according to the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://support.hp.com/us-en/document/ish_12979589-12979615-16/hpsbpy04048
Restart Required: Yes
Instructions:
1. Download Poly Lens Desktop version 2.0.0 or later from official HP/Poly sources.
2. Close the Poly Lens Desktop application.
3. Run the installer and follow prompts.
4. Restart the system as required.
🔧 Temporary Workarounds
Uninstall Poly Lens Desktop
Windows: Remove the vulnerable application entirely if it is not required.
Control Panel > Programs > Uninstall a program > Select Poly Lens Desktop > Uninstall
Restrict Application Execution
Windows: Use AppLocker or Windows Defender Application Control to block Poly Lens Desktop execution.
🧯 If You Can't Patch
- Implement strict least privilege principles - ensure users don't have administrative rights
- Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the Poly Lens Desktop version in Windows Settings > Apps > Apps & features, or via the 'wmic product get name,version' command.
Check Version:
wmic product where "name like '%Poly Lens Desktop%'" get name,version
Verify Fix Applied:
Verify that the installed version is 2.0.0 or higher, using the same methods as the vulnerability check.
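An added PowerShell example (not from the HP advisory or this page's source) that performs the version check above by reading the uninstall registry keys, which also works on hosts where wmic is unavailable. It assumes the product's DisplayName contains "Poly Lens Desktop", as in the wmic filter, and that the installer records a DisplayVersion; the function names are hypothetical.

```powershell
# Added example: compare installed Poly Lens Desktop builds with the fixed version 2.0.0.
# Assumption: DisplayName contains "Poly Lens Desktop" (same filter as the wmic query).
$FixedVersion = [version]'2.0.0'
$NamePattern  = '*Poly Lens Desktop*'

# Standard uninstall registry locations: 64-bit, 32-bit, and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-ComparableVersion {
    param([string] $Text)
    # Keep the leading dotted-numeric part, e.g. "1.9.3-beta" -> "1.9.3".
    if ($Text -notmatch '^\s*(\d+(\.\d+){0,3})') { return $null }
    $parts = @($Matches[1].Split('.'))
    # Pad to three components so "2.0" compares equal to "2.0.0", not below it.
    while ($parts.Count -lt 3) { $parts += '0' }
    $parsed = $null
    if ([version]::TryParse(($parts -join '.'), [ref] $parsed)) { return $parsed }
    return $null
}

function Get-PolyLensPatchStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern }
    foreach ($entry in $entries) {
        $version = ConvertTo-ComparableVersion $entry.DisplayVersion
        $status = if ($null -eq $version) {
            'Unknown (version missing or unparseable)'
        } elseif ($version -ge $FixedVersion) {
            'Patched'
        } else {
            'Vulnerable'
        }
        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Status  = $status
            Key     = $entry.PSPath
        }
    }
}

$results = @(Get-PolyLensPatchStatus)
if ($results.Count -eq 0) {
    Write-Output 'Poly Lens Desktop not found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize -Wrap
}
```

An "Unknown" status means the entry should be checked by hand in Apps & features rather than treated as patched.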
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing unexpected Poly Lens Desktop process behavior
- Security logs showing privilege escalation attempts
Network Indicators:
- Unusual outbound connections from Poly Lens Desktop processes
SIEM Query:
source="windows_security" AND (process_name="*PolyLens*" OR process_name="*LensDesktop*") AND (event_id="4688" OR event_id="4672")