CVE-2025-2268

Q: What is the severity of CVE-2025-2268?

CVE-2025-2268 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause denial of service on HP LaserJet MFP M232-M237 printers by sending specially crafted IPP requests. Organizations using these printers in their network are affected, potentially disrupting printing services.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause denial of service on HP LaserJet MFP M232-M237 printers by sending specially crafted IPP requests. Organizations using these printers in their network are affected, potentially disrupting printing services.

💻 Affected Systems

Products:

HP LaserJet MFP M232-M237 Printer Series

Versions: All firmware versions prior to the fix

Operating Systems: Printer firmware only

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the IPP service which is typically enabled by default on these printers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Printer becomes completely unresponsive, requiring physical power cycle to restore functionality, disrupting all printing operations.

🟠

Likely Case

Temporary printer unavailability requiring manual intervention to restart the device.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls limiting IPP exposure.

🌐 Internet-Facing: HIGH if printers are directly exposed to the internet via IPP port 631, as attackers can easily send crafted requests.

🏢 Internal Only: MEDIUM as internal attackers or compromised internal systems could exploit this to disrupt printing services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending a specially crafted IPP request to the printer's IPP service (typically port 631).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version with fix as specified in HP advisory

Vendor Advisory: https://support.hp.com/us-en/document/ish_12114154-12114176-16/hpsbpi04013

Restart Required: Yes

Instructions:

1. Visit HP support website. 2. Download latest firmware for your specific printer model. 3. Upload firmware via printer web interface or HP tools. 4. Reboot printer after installation.

🔧 Temporary Workarounds

Disable IPP Service

all

Disable Internet Printing Protocol service on affected printers

Network Segmentation

all

Isolate printers on separate VLAN with restricted access to IPP port 631

🧯 If You Can't Patch

Implement strict network access controls to limit IPP access to trusted hosts only
Monitor printer availability and have procedures for manual restart if DoS occurs

🔍 How to Verify

Check if Vulnerable:

Check current firmware version via printer web interface or control panel and compare with patched version in HP advisory

Check Version:

Access printer web interface at http://[printer-ip] and navigate to Information > Product Information

Verify Fix Applied:

Verify firmware version matches or exceeds the patched version specified in HP advisory

📡 Detection & Monitoring

Log Indicators:

Printer logs showing service crashes or restarts
Unusual IPP request patterns in network logs

Network Indicators:

Multiple malformed IPP requests to port 631
Sudden cessation of normal printer network traffic

SIEM Query:

source_ip:* dest_port:631 AND (http_method:POST OR protocol:IPP) AND size_bytes:[threshold]

📊 Metadata

CVE ID: CVE-2025-2268

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-241

EPSS Score: 0.17% exploit probability (38.6th percentile)

Published: March 14, 2025

Last Updated: January 16, 2026

🔗 References

https://support.hp.com/us-en/document/ish_12114154-12114176-16/hpsbpi04013 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

1y7d4a Firmware by Hp

2a129a Firmware by Hp

2a130a Firmware by Hp

2a130e Firmware by Hp

2u589a Firmware by Hp

2u589e Firmware by Hp

2u589f Firmware by Hp

6gw71a Firmware by Hp

6gw99a Firmware by Hp

6gw99e Firmware by Hp

6gx00a Firmware by Hp

6gx00e Firmware by Hp

6gx01a Firmware by Hp

6gx02e Firmware by Hp

6gx03a Firmware by Hp

6gx04a Firmware by Hp

6gx05a Firmware by Hp

6gx05e Firmware by Hp

6gx06a Firmware by Hp

6gx09a Firmware by Hp

6gx09e Firmware by Hp

6hu08a Firmware by Hp

7md69a Firmware by Hp

7md70a Firmware by Hp

7md70e Firmware by Hp

7md70f Firmware by Hp

7md71a Firmware by Hp

7md72a Firmware by Hp

7md72e Firmware by Hp

7md73a Firmware by Hp

7md74a Firmware by Hp

7md74e Firmware by Hp

7md75a Firmware by Hp

7md76a Firmware by Hp

7md76e Firmware by Hp

9yf88a Firmware by Hp

9yf89a Firmware by Hp

9yf90a Firmware by Hp

9yf91a Firmware by Hp

9yf91e Firmware by Hp

9yf92a Firmware by Hp

9yf94a Firmware by Hp

9yf95a Firmware by Hp

9yf96a Firmware by Hp

9yf97a Firmware by Hp

9yf98a Firmware by Hp

9yg02a Firmware by Hp

9yg02e Firmware by Hp

9yg05a Firmware by Hp

9yg05e Firmware by Hp

9yg08a Firmware by Hp

9yg09a Firmware by Hp

9yg10a Firmware by Hp

9yg11a Firmware by Hp