Untrusted Search Path Vulnerability in Lexmark Devices
CVE-2025-65078

9.3CRITICAL

Key Information:

Vendor: Lexmark
Status: Mxtct, Msngm, Mstgm, Mxngm, Mxtgm, Csngv, Cstgv, Cxtgv, Msngw, Mstgw, Mxtgw, Cstls, Cxtls, Mxtls, Cstmm, Cxtmm, Cstpc, Cxtpc, Mxtpm, Msnsn, Mstsn, Mxtsn, Csnzj, Cstzj, Cxnzj, Cxtzj; Cstat, Cxtat, Mslbd, Mxlbd, Cslbl, Cxlbl, Cslbn, Cxlbn, Cstmh, Cxtmh, Cstpp, Cxtpp, Mslsg, Mxlsg
Vendor: CVE Published:; 3 February 2026

Badges

👾 Exploit Exists

What is CVE-2025-65078?

A significant untrusted search path vulnerability has been discovered in the Embedded Solutions Framework utilized by a range of Lexmark devices. This security flaw allows attackers to potentially execute arbitrary code, posing serious risks to device integrity and data security. Users are encouraged to review security updates from Lexmark to mitigate the impact of this vulnerability.

Affected Version(s)

CSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG 0 < 230.507

MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ 0 < 250.210

References

https://www.lexmark.com/en_us/solutions/security/lexmark-...

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Feb 3, 2026
Vulnerability published
Feb 3, 2026
Vulnerability Reserved
Nov 17, 2025

CVE-2025-65078 Data

JSON