A critical security vulnerability has been identified in numerous Lexmark printer models that could allow attackers to execute arbitrary code remotely.
Designated as CVE-2025-1127, this critical flaw affects the embedded web server in various Lexmark devices and poses significant risks to enterprise environments where these printers are widely deployed.
Lexmark has released firmware updates to address the issue, urging users to patch affected devices immediately.
.png
)
Critical Lexmark Printer Vulnerability
The security flaw, discovered by the DEVCORE Research Team in collaboration with Trend Micro’s Zero Day Initiative (ZDI), is a combination of two distinct vulnerabilities: a Path Traversal (CWE-22) and a Concurrent Execution (CWE-362) vulnerability in the embedded web server.
This powerful combination received a critical CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating its serious nature.
The Path Traversal element allows attackers to navigate outside intended directories to access unauthorized files, while the Concurrent Execution component creates a timing vulnerability that can be exploited to execute malicious code.
Security researchers have identified this as particularly dangerous because it “can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem”.
According to the Lexmark security advisory, the vulnerability affects firmware version .240.205 and earlier on most models.
The flaw was officially published in the National Vulnerability Database on February 13, 2025, and has since been closely monitored by security professionals.
| Risk Factors | Details |
| Affected Products | Lexmark CX, XC, CS, MS, MX, and XM series printers including CX950, MX953, CS963, MS531, CX532, CX930, MX931, MS622, MX421, XM1246, CS720, CX820, and CS921 (firmware ≤.240.205) |
| Impact | Execute Arbitrary Code |
| Exploit Prerequisites | High privileges (PR:H), requiring no user interaction (UI:N) |
| CVSS 3.1 Score | 9.1 (CRITICAL) |
Affected Models
The vulnerability impacts over 120 Lexmark printer models across multiple series, including CX, XC, CS, MS, MX, and XM families.
Specific models affected include popular enterprise printers such as CX950, MX953, CS963, MS531, CX532, CX930, MX931, MS622, MX421, XM1246, CS720, CX820, and CS921 among many others.
If successfully exploited, attackers could remotely execute code on vulnerable devices, potentially enabling them to hijack printers, access internal networks, steal sensitive documents being printed, or use compromised devices as pivot points for deeper network intrusions.
The vulnerability’s high CVSS score reflects the severe potential consequences, with maximum impact ratings for confidentiality, integrity, and availability.
“Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,” warns Lexmark in its official advisory.
This is particularly concerning for organizations that rely heavily on networked printing infrastructure, especially in sectors handling sensitive information.
Remediation Steps
Lexmark has released firmware updates to address the vulnerability across all affected product lines.
Users are advised to update to firmware version .240.206 or later (depending on the specific model) as soon as possible. To check their firmware version, users can select “Settings” → “Reports” → “Menu Setting Page” from the operator panel and review the information listed under “Device Information”.
For organizations unable to immediately update firmware, Lexmark has provided a temporary workaround: “Setting an administrative password on the device (as prompted to do so during initial setup) will prevent an untrusted user from executing this vulnerability”.
IT administrators responsible for printer fleet management should prioritize these updates, as the public disclosure of vulnerability details increases the likelihood of exploitation attempts.
While Lexmark states it “is not aware of any malicious use against Lexmark products of the vulnerability”, hence, proactive patching is essential given the critical nature of the flaw.
Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar
