Information Disclosure Risk in HP Card Readers B Models
CVE-2025-11998

6.8MEDIUM

Key Information:

Vendor: HP
Status: Card Readers B Model
Vendor: CVE Published:; 30 October 2025

What is CVE-2025-11998?

HP Card Readers B Models (X3D03B & Y7C05B) are susceptible to a vulnerability that facilitates information disclosure under specific conditions. This occurs when an NFC device, such as a smartphone or smartwatch, is near the card reader during card swipe events, potentially allowing previous user identities to be established and misused. It's crucial for users to ensure their NFC devices are secured and to monitor access to these card readers to mitigate the associated risks.

Affected Version(s)

Card Readers B Model 1.0

References

https://support.hp.com/us-en/document/ish_13175687-131757...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Oct 20, 2025

JSON