ISN 2025-05: HP Anyware Vulnerability

First published 5 May 2025

CVSS 3.1: 8.5 (High)

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

A security vulnerability has been found in the HP Anyware Agent for Linux available for IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

It has been discovered that HP Anyware Agent for Linux might allow for an authentication bypass that may result in escalation of privilege. This is tracked as CVE-2025-1003 and rated as high.

Update Instructions

• OS 12: Update to the HP Anyware Agent for Linux OS 12 App in version 25.03.1 or newer from the IGEL App Portal when available.

• OS 11: Update to IGEL OS 11.11.100 when available (planned for August).

References

• HP Advisory: https://support.hp.com/us-en/document/ish_11920613-11920636-16

• CVE-2025-1003 at NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1003