CVE-2025-65080
📋 TL;DR
A type confusion vulnerability in the Postscript interpreter of Lexmark devices allows attackers to execute arbitrary code as an unprivileged user. This affects various Lexmark printers and multifunction devices that process Postscript files. Attackers could potentially gain control of affected devices through malicious Postscript files.
💻 Affected Systems
- Various Lexmark printers and multifunction devices
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full device compromise allowing attacker to install persistent malware, pivot to internal networks, exfiltrate data, or use device as part of botnet
Likely Case
Local privilege escalation leading to unauthorized access to device functions, configuration changes, or data stored on device memory
If Mitigated
Limited impact if network segmentation prevents device access and Postscript processing is disabled
🎯 Exploit Status
Exploitation requires sending malicious Postscript files to vulnerable devices. No public exploit code available yet.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Lexmark security advisory for specific firmware versions
Vendor Advisory: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Restart Required: Yes
Instructions:
1. Visit Lexmark security advisory page 2. Identify affected device models 3. Download latest firmware from Lexmark support 4. Apply firmware update following manufacturer instructions 5. Reboot device
🔧 Temporary Workarounds
Disable Postscript Processing
allDisable Postscript interpreter if not required for business operations
Network Segmentation
allIsolate printers on separate VLAN with restricted access
🧯 If You Can't Patch
- Implement strict network access controls to prevent unauthorized access to printer management interfaces
- Monitor for suspicious Postscript file transfers to printer devices
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against patched versions in Lexmark advisoryCheck Version:
Check printer web interface or control panel for firmware versionVerify Fix Applied:
Confirm firmware version matches or exceeds patched version listed in advisory📡 Detection & Monitoring
Log Indicators:
- Unusual Postscript file processing errors
- Multiple failed print jobs with Postscript files
- Unexpected device reboots
Network Indicators:
- Unusual network traffic to printer ports (9100/tcp, 515/tcp)
- Postscript files from unexpected sources
SIEM Query:
source="printer_logs" AND (event="postscript_error" OR event="firmware_crash")