Remote Code Execution and Privilege Escalation in HP LaserJet Printers
CVE-2025-26508

8.3HIGH

Key Information:

Vendor: HP, Inc.
Status: Certain HP Laserjet Pro, HP Laserjet Enterprise, HP Laserjet Managed Printers
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-26508?

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers are identified as potentially vulnerable to Remote Code Execution and Elevation of Privilege. This vulnerability arises when the printers process malicious PostScript print jobs, which could allow attackers to execute arbitrary code remotely or escalate their privileges within the system. It is recommended that users and organizations promptly apply relevant patches and security updates to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers See HP security bulletin reference for affected versions

References

https://support.hp.com/us-en/document/ish_11953771-119537...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Feb 11, 2025

JSON

HP, Inc.