CVE-2025-12785

Summary

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Affected Software

VendorProductVersion RangeStatus
HP IncHP Color LaserJet MFP M478-M479 series0 < 002_2539Eaffected
HP IncHP Color LaserJet Pro M453-M454 series0 < 002_2539Eaffected
HP IncHP LaserJet Pro M304-M305 Printer series0 < 002_2539Eaffected
HP IncHP LaserJet Pro M404-M405 Printer series0 < 002_2539Eaffected
HP IncHP LaserJet Pro MFP M428-M429 f series0 < 002_2539Eaffected
HP IncHP LaserJet Pro MFP M428-M429 series0 < 002_2539Eaffected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References