CVE-2025-65081

N/A Unknown

📋 TL;DR

An out-of-bounds read vulnerability in the Postscript interpreter of Lexmark devices allows attackers to execute arbitrary code as an unprivileged user. This affects various Lexmark printers and multifunction devices that process Postscript files. Attackers could potentially gain control of affected devices through malicious Postscript files.

💻 Affected Systems

Products:
  • Various Lexmark printers and multifunction devices
Versions: Specific versions not provided in reference
Operating Systems: Embedded printer firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Postscript interpreter enabled. Exact model list requires checking Lexmark advisory.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, lateral movement to connected networks, data exfiltration, and persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain unprivileged user access, potentially leading to further exploitation or denial of service.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting isolated printer functionality.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malicious Postscript files to vulnerable devices. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Lexmark security advisory for specific firmware versions

Vendor Advisory: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

Restart Required: Yes

Instructions:

1. Visit Lexmark security advisory page
2. Identify affected device models
3. Download latest firmware from Lexmark support
4. Apply firmware update following manufacturer instructions
5. Reboot device after update

🔧 Temporary Workarounds

Disable Postscript processing (platform: all)

Disable Postscript interpreter if not required for business operations

Check device web interface > Settings > Print Features > Disable Postscript

Network segmentation (platform: all)

Isolate printers on separate VLAN with restricted access

🧯 If You Can't Patch

  • Implement strict network access controls to limit printer access to trusted users only
  • Monitor for suspicious Postscript file submissions and implement file type filtering

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Lexmark advisory. Devices with vulnerable Postscript interpreter are affected.

Check Version:

Check device web interface > Settings > About or use Lexmark device management tools

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Lexmark advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual Postscript processing errors
  • Multiple failed print jobs with Postscript files
  • Unexpected device reboots

Network Indicators:

  • Unusual network traffic to printer ports (9100/tcp, 515/tcp)
  • Postscript files from unexpected sources

SIEM Query:

source="printer_logs" AND ("Postscript error" OR "memory violation" OR "out of bounds")
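
The log and network indicators above, applied to a few constructed log lines, as an added example (not code from this page or from Lexmark). The log line format, the `TRUSTED_SUBMITTERS` allow-list, the threshold and the sample addresses are assumptions; only the three search terms come from the SIEM query.

```python
import re
from collections import Counter

# Terms taken from the SIEM query on this page (matched case-insensitively here).
ERROR_TERMS = ("postscript error", "memory violation", "out of bounds")

# Assumptions for illustration: hosts allowed to submit jobs, and the
# number of error lines per source that counts as "multiple failed jobs".
TRUSTED_SUBMITTERS = {"10.0.5.10"}
ERROR_THRESHOLD = 2

# Constructed log format: "<timestamp> <printer> src=<ip> msg=<text>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<printer>\S+) src=(?P<src>\S+) msg=(?P<msg>.*)$")

# Constructed sample lines, not real device output.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z prn-01 src=10.0.5.10 msg=Job 101 printed (PCL)
2025-01-10T09:02:13Z prn-01 src=10.0.9.77 msg=Postscript error: job 102 aborted
2025-01-10T09:02:40Z prn-01 src=10.0.9.77 msg=Interpreter fault: memory violation
2025-01-10T09:03:05Z prn-01 src=10.0.9.77 msg=Device restart after watchdog timeout
2025-01-10T09:10:00Z prn-02 src=10.0.5.10 msg=PostScript error: missing font
malformed line without fields
"""

def triage(log_text):
    """Return {source_ip: {"errors": n, "untrusted": bool, "alert": bool}}."""
    errors = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        msg = m.group("msg").lower()
        if any(term in msg for term in ERROR_TERMS):
            errors[m.group("src")] += 1
    report = {}
    for src, count in errors.items():
        untrusted = src not in TRUSTED_SUBMITTERS
        # Alert on repeated errors, or on any error from an unexpected source.
        report[src] = {"errors": count, "untrusted": untrusted,
                       "alert": untrusted or count >= ERROR_THRESHOLD}
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```

A single interpreter error from a known print server is recorded but not alerted on, which keeps ordinary font or syntax failures from drowning out repeated errors from an unexpected host.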
