Remote Code Execution and Privilege Escalation in HP LaserJet Printers
CVE-2025-26508
8.3HIGH
Key Information:
- Vendor
- HP, Inc.
- Status
- Certain HP Laserjet Pro, HP Laserjet Enterprise, HP Laserjet Managed Printers
- Vendor
- CVE Published:
- 14 February 2025
Summary
Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers are identified as potentially vulnerable to Remote Code Execution and Elevation of Privilege. This vulnerability arises when the printers process malicious PostScript print jobs, which could allow attackers to execute arbitrary code remotely or escalate their privileges within the system. It is recommended that users and organizations promptly apply relevant patches and security updates to mitigate these risks.
Affected Version(s)
Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers See HP security bulletin reference for affected versions
References
CVSS V4
Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved