Server-Side Request Forgery in Lexmark Devices
CVE-2025-9269

6.9MEDIUM

Key Information:

Vendor: Lexmark
Status: Cx, Xc, Cs, Ms, Mx, Xm, Et. Al.
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-9269?

A Server-Side Request Forgery (SSRF) vulnerability exists in the embedded web server of multiple Lexmark devices. This flaw allows an attacker to manipulate the device into sending unauthorized HTTP requests to external servers. By exploiting this weakness, attackers may gain access to internal networks and potentially disclose sensitive data from the devices, thus compromising network integrity and confidentiality.

Affected Version(s)

CX, XC, CS, MS, MX, XM, et. al. 0

References

https://www.lexmark.com/en_us/solutions/security/lexmark-...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Aug 20, 2025

Credit

Chen Independent Security Researcher