HP Poly VoIP vulnerability sets the stage for executive voice deepfakes
Summary
HP released patches for a critical buffer overflow vulnerability (a coding flaw where too much data is written into a fixed-size memory container) in its Poly Voice conference phones that could allow attackers without authentication to gain root access (complete control of the operating system) and record conversations for voice deepfakes (AI-generated fake audio impersonations). The flaw exists in code that processes ICE (Interactive Connectivity Establishment, a feature for establishing direct network connections) requests and affects multiple Poly phone models.
Solution / Mitigation
HP has fixed the vulnerability in Poly Unified Communications Software (UCS) versions 6.4.8 for VVX devices, 8.1.7 for Trio 8300, and 7.2.8 for Trio 8500 and 8800 phones. HP also advises administrators to disable the ICE feature if it is not needed; it is not enabled by default on HP Poly devices.
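One way to check a phone fleet against the fixed releases listed above, as an added example that is not from HP or the original article. The inventory CSV, its column names, the host names and the build numbers are constructed assumptions; only the model families and fixed versions come from the text.

```python
import csv
import io
import re

# Fixed UCS release per model family, taken from the advisory text above.
FIXED = [
    (re.compile(r"VVX", re.I), (6, 4, 8)),
    (re.compile(r"Trio\s*8300", re.I), (8, 1, 7)),
    (re.compile(r"Trio\s*(8500|8800)", re.I), (7, 2, 8)),
]

# Constructed sample inventory: hosts, build numbers and columns are made up.
SAMPLE = """host,model,ucs_version,ice_enabled
conf-a,VVX 450,6.4.6.2494,true
conf-b,VVX 450,6.4.8.0100,false
board-1,Trio 8800,7.2.8.0001,true
board-2,Trio 8300,7.2.8.0001,false
lobby,Desk Phone X,1.0.0,false
lab,VVX 250,unknown,true
"""

def parse_version(text):
    """'6.4.6.2494' -> (6, 4, 6, 2494); ValueError if not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(model, version, ice_enabled):
    """Return 'patched', 'update', 'update-urgent' or 'review'."""
    fixed = next((v for rx, v in FIXED if rx.search(model)), None)
    if fixed is None:
        return "review"  # model family not named in the advisory text
    try:
        current = parse_version(version)
    except ValueError:
        return "review"  # version unreadable; check the device by hand
    if current >= fixed:  # tuple compare, so 6.4.8.100 >= 6.4.8
        return "patched"
    # The flaw is in ICE request handling, so ICE-enabled devices go first.
    return "update-urgent" if ice_enabled else "update"

def audit(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: assess(r["model"], r["ucs_version"],
                              r["ice_enabled"].strip().lower() == "true")
            for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

A Trio 8300 running a 7.2.8 build is still reported as `update`, because its fixed release is 8.1.7 rather than the 7.2.8 that applies to the Trio 8500 and 8800.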
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://www.csoonline.com/article/4180223/hp-poly-voip-vulnerability-sets-the-stage-for-executive-voice-deepfakes.html
First tracked: June 2, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 75%