Information Exposure in CleverDisplay BlueOne Hardware Player
CVE-2025-36755

2.4LOW

Key Information:

Vendor: Cleverdisplay B.v.
Status: Blueone (cleverdisplay Hardware Player)
Vendor: CVE Published:; 12 December 2025

🔔 Create Cleverdisplay B.v. Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2025-36755?

The CleverDisplay BlueOne hardware player contains a vulnerability that allows unauthorized access to its BIOS setup interface after bypassing its protective enclosure. Although the internal USB interfaces are designed to be inaccessible during normal operation, this vulnerability exposes system information that could aid potential attackers, significantly increasing the attack surface. However, despite this exposure, the integrity and availability of the device remain intact under standard configurations.

Affected Version(s)

BlueOne (CleverDisplay Hardware Player) 12.11.1

BlueOne (CleverDisplay Hardware Player) 12.12.1

References

https://csirt.divd.nl/CVE-2025-5743/

third-party-advisory

https://csirt.divd.nl/DIVD-2025-00043

third-party-advisory

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Dec 12, 2025
Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Alwin Warringa, Tom Dantuma, Ruben Meeuwissen, and Ramon Dunker.

Dennis Kussendrager (DIVD)

Victor Pasman (DIVD)

JSON