CVE-2025-65077

Summary

A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Affected Software

VendorProductVersion RangeStatus
LexmarkMXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ0 < 250.210affected
LexmarkCSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG0 < 230.507affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Workarounds

Lexmark recommends a firmware update if your device has affected firmware.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References