Remote Code Execution and Privilege Escalation in HP LaserJet Printers
CVE-2025-26508

8.3HIGH

Key Information:

Vendor: HP, Inc.
Status: Certain HP Laserjet Pro, HP Laserjet Enterprise, HP Laserjet Managed Printers
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-26508?

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers are identified as potentially vulnerable to Remote Code Execution and Elevation of Privilege. This vulnerability arises when the printers process malicious PostScript print jobs, which could allow attackers to execute arbitrary code remotely or escalate their privileges within the system. It is recommended that users and organizations promptly apply relevant patches and security updates to mitigate these risks.

Affected Version(s)

Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers See HP security bulletin reference for affected versions

References

https://support.hp.com/us-en/document/ish_11953771-119537...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Feb 11, 2025

HP, Inc.

What is CVE-2025-26508?

Affected Version(s)

References

CVSS V4

Timeline