CVE-2025-65080

Summary

A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Affected Software

VendorProductVersion RangeStatus
LexmarkMXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ0 < 250.210affected
LexmarkCSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG0 < 230.506affected

Weaknesses

  • CWE-843: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

Workarounds

Lexmark recommends a firmware update if your device has affected firmware.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References