CVE-2025-1127

Summary

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

Affected Software

VendorProductVersion RangeStatus
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTLS.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTLS.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTLS.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSNSN.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSTSN.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTSN.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSNGV.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTGV.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTGV.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTPC.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTPC.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTCT.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTPM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTMM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTMM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSNGM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSTGM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXNGM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTGM.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSNGW.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSTGW.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXTGW.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTZJ.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSNZJ.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTZJ.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXNZJ.240.205affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSLSG.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXLSG.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MSLBD.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= MXLBD.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSLBN.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSLBL.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXLBN.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXLBL.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTPP.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTPP.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTAT.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTAT.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CSTMH.240.407affected
LexmarkCX, XC, CS, MS, MX, XM, et. al.0 <= CXTMH.240.407affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References