{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-65077", "assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853", "state": "PUBLISHED", "assignerShortName": "Lexmark", "dateReserved": "2025-11-17T13:56:38.587Z", "datePublished": "2026-02-03T20:44:32.330Z", "dateUpdated": "2026-02-03T20:44:32.330Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ", "vendor": "Lexmark", "versions": [{"lessThan": "250.210", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "CSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG", "vendor": "Lexmark", "versions": [{"lessThan": "230.507", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."}], "value": "A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory.\n\n<br>"}], "value": "Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory."}], "impacts": [{"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7bc73191-a2b6-4c63-9918-753964601853", "shortName": "Lexmark", "dateUpdated": "2026-02-03T20:44:32.330Z"}, "references": [{"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Relative path traversal vulnerability in Embedded Solutions Framework", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lexmark recommends a firmware update if your device has affected firmware.\n\n<br>"}], "value": "Lexmark recommends a firmware update if your device has affected firmware."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."}], "id": "CVE-2025-65077", "lastModified": "2026-02-04T16:33:44.537", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "7bc73191-a2b6-4c63-9918-753964601853", "type": "Secondary"}]}, "published": "2026-02-03T21:16:11.120", "references": [{"source": "7bc73191-a2b6-4c63-9918-753964601853", "url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"}], "sourceIdentifier": "7bc73191-a2b6-4c63-9918-753964601853", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "7bc73191-a2b6-4c63-9918-753964601853", "type": "Secondary"}]}

{}

{"created": "2026-02-04T12:05:28.848429+00:00", "updated": "2026-02-04T12:05:28.848455+00:00", "vendors": ["lexmark", "lexmark$PRODUCT$cslbl", "lexmark$PRODUCT$cslbn", "lexmark$PRODUCT$csngv", "lexmark$PRODUCT$csnzj", "lexmark$PRODUCT$cstat", "lexmark$PRODUCT$cstgv", "lexmark$PRODUCT$cstls", "lexmark$PRODUCT$cstmh", "lexmark$PRODUCT$cstmm", "lexmark$PRODUCT$cstpc", "lexmark$PRODUCT$cstpp", "lexmark$PRODUCT$cstzj", "lexmark$PRODUCT$cxlbl", "lexmark$PRODUCT$cxlbn", "lexmark$PRODUCT$cxnzj", "lexmark$PRODUCT$cxtat", "lexmark$PRODUCT$cxtgv", "lexmark$PRODUCT$cxtls", "lexmark$PRODUCT$cxtmh", "lexmark$PRODUCT$cxtmm", "lexmark$PRODUCT$cxtpc", "lexmark$PRODUCT$cxtpp", "lexmark$PRODUCT$cxtzj", "lexmark$PRODUCT$mslbd", "lexmark$PRODUCT$mslsg", "lexmark$PRODUCT$msngm", "lexmark$PRODUCT$msngw", "lexmark$PRODUCT$msnsn", "lexmark$PRODUCT$mstgm", "lexmark$PRODUCT$mstgw", "lexmark$PRODUCT$mstsn", "lexmark$PRODUCT$mxlbd", "lexmark$PRODUCT$mxlsg", "lexmark$PRODUCT$mxngm", "lexmark$PRODUCT$mxtct", "lexmark$PRODUCT$mxtgm", "lexmark$PRODUCT$mxtgw", "lexmark$PRODUCT$mxtls", "lexmark$PRODUCT$mxtpm", "lexmark$PRODUCT$mxtsn"]}