Critical Lexmark Printer Flaw Enables Remote Code Execution

A critical security vulnerability, tracked as CVE-2025-1127, has been identified in the embedded web servers of numerous Lexmark printer models, putting enterprise and small business environments at risk.

The flaw, which combines a path traversal bug (CWE-22) with a concurrent execution (race condition) issue (CWE-362), allows attackers to execute arbitrary code and modify any data on the affected device’s filesystem.

The vulnerability, first publicly disclosed on February 13, 2025, carries a CVSS v3.1 base score of 9.1, classifying it as “Critical.”

The impact subscore is 6.0, while the exploitability subscore is 2.3, reflecting the significant risk posed by remote exploitation under certain conditions.

Technical Details: Path Traversal and Race Condition

The vulnerability arises from improper input validation when the device’s web server constructs file paths using external input.

Specifically, the server fails to neutralize special elements such as “../” (dot-dot-slash), allowing attackers to escape from restricted directories and access or modify files elsewhere on the system—a classic path traversal scenario.

Compounding the risk, a race condition exists in the concurrent handling of file operations.

This means that if two processes attempt to access or modify the same resource simultaneously, an attacker could exploit the timing window to inject malicious code or manipulate files, bypassing normal security checks.

The vulnerability can be exploited by an attacker with high-privilege authenticated access.

Successful exploitation enables:

• Remote arbitrary code execution as an unprivileged user
• Modification of any file on the device’s filesystem
• Potential compromise of system integrity and availability
• Unauthorized access to sensitive data

The technical identifiers for this flaw are:

• CVE: CVE-2025-1127
• CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)

Affected Models, Mitigation, and Vendor Response

A wide range of Lexmark models are affected, including CX950, XC9525, MX953, CX961, XC9635, CS963, CX833, MS531, MX532, CS531, CX930, XC9325, CS943, MX432, CX730, CS730, MS321, M1242, B2338, MS622, MX321, MB2338, MS725, B2865, MS822, MX721, XM5365, MB2770, CS622, CS421, C2325, CX522, MC2535, CX421, MC2325, B2236, MS331, M1342, B3442, XM1342, MX331, MB3442, C3426, CS431, CS331, C3224, C2326, MC3426, CX431, XC2326, MC3426, MC3224, CX331, CX820, XC6152, CS820, C6160, CS720, C4150, CX725, XC4140, CS921, C9235, CX920, XC9225, and more1.

To determine if a device is vulnerable, users should check the firmware version via the operator panel under “Settings” → “Reports” → “Menu Setting Page.”

Devices running firmware versions listed under “Affected Releases” must be updated to the corresponding “Fixed Release”.

Mitigation steps:

• Apply the latest firmware updates provided by Lexmark. Firmware downloads and support can be accessed through Lexmark’s official support portal.
• Set an administrative password on the device to block untrusted users from exploiting the flaw.
• Implement strict access controls and monitor for unauthorized file modifications.

Vendor Response:

Lexmark has released firmware patches for all affected models and recommends immediate updates. No known malicious exploitation has been reported to date.

The vulnerability was responsibly disclosed by the DEVCORE Research Team via Trend Micro’s Zero Day Initiative.

Sample Code Snippet Illustrating Path Traversal Risk:

c// Vulnerable code example
char filePath[256];
snprintf(filePath, sizeof(filePath), "/var/www/data/%s", userInput);
FILE *fp = fopen(filePath, "r");

If userInput is set to "../../etc/passwd"The attacker could access sensitive system files.

Organizations using Lexmark devices should urgently review their fleet for affected models and firmware, apply patches, and enforce best security practices to mitigate the risk from CVE-2025-11271.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates