CVE-2025-9214

Summary

A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.

Affected Software

VendorProductVersion RangeStatus
LenovoLJ2206W Printer0 < Ver.D(1.05)affected
LenovoM7206W Printer0 < Ver.Faffected
LenovoM7216NWA Printer0 < Ver.Faffected
LenovoM7256WHF Printer0 < Ver.Faffected
LenovoLJ2655DN Printer0 < Ver.E(1.06)affected
LenovoM7615DNA0 < Ver.Daffected
LenovoM7626DNA Printer0 < Ver.Daffected
LenovoM7628DNA Printer0 < Ver.Daffected
LenovoM7455DNF Printer0 < Ver.Eaffected
LenovoM7675DXF Printer0 < Ver.Eaffected
LenovoM7685DXF Printer0 < Ver.Eaffected
LenovoM7686DXF0 < Ver.Eaffected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References