CVE-2025-65078

CRITICAL

Lexmark - Code Injection

Title source: llm

Description

An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.

References (1)

[Various Sources] https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

Scores

CVSS v4 9.3

EPSS 0.0005

EPSS Percentile 15.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-426

Status published

Products (2)

Lexmark/CSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG < 230.507

Lexmark/MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ < 250.210

Published Feb 03, 2026

Tracked Since Feb 18, 2026