Remote Code Execution Vulnerability in HP LaserJet Printers
CVE-2025-26507

6.3MEDIUM

Key Information:

Vendor: HP, Inc.
Status: Certain HP Laserjet Pro, HP Laserjet Enterprise, HP Laserjet Managed Printers
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-26507?

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers have a vulnerability that could allow attackers to execute arbitrary code or elevate privileges while processing PostScript print jobs. This could lead to unauthorized access and impact the integrity and confidentiality of printed documents. Users are urged to apply the latest security updates and follow recommended practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers See HP security bulletin reference for affected versions

References

https://support.hp.com/us-en/document/ish_11953771-119537...

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Feb 11, 2025

HP, Inc.

What is CVE-2025-26507?

Affected Version(s)

References

CVSS V4

Timeline