CVE-2025-9269

MEDIUM

Lexmark Embedded Web Server - Server-Side Request Forgery

Title source: manual

Description

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.

Scores

CVSS v4: 6.9
EPSS: 0.0031
EPSS Percentile: 22.5%
CVSS v4 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-918
Status: published
Products (50)
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSLBL.230.466
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSLBN.230.466
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSNGV.250.199
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSNZJ.250.199
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSTAT.230.466
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSTGV.250.199
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSTLS.250.199
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSTMH.230.466
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSTMM.250.199
Lexmark/CX, XC, CS, MS, MX, XM, et. al. < CSTPC.250.199
... and 40 more
Published: Sep 09, 2025
Tracked Since: Feb 18, 2026