CVE-2025-4044: CWE-611 Improper Restriction of XML External Entity Reference in Lexmark Universal Print Driver
Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows an attacker to disclose sensitive information to an arbitrary URL.
AI Analysis
Technical Summary
CVE-2025-4044 is a vulnerability classified under CWE-611, which pertains to Improper Restriction of XML External Entity Reference (XXE). This vulnerability exists in the Lexmark Universal Print Driver for Windows, a widely used print driver that supports multiple Lexmark printer models. The flaw allows an attacker with low privileges on a Windows system to exploit the driver’s XML parsing functionality to send sensitive information to an arbitrary external URL. The vulnerability arises because the driver does not properly restrict or sanitize XML external entity references, enabling an attacker to craft malicious XML input that triggers the disclosure of local files or internal system data. The CVSS v3.1 score of 8.2 reflects high severity, with attack vector local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component. The impact metrics show high confidentiality, integrity, and availability impacts, meaning the attacker can leak sensitive data, potentially modify data, and disrupt printing services. Although no public exploits are known at this time, the vulnerability’s characteristics make it a significant risk in environments where the Lexmark Universal Print Driver is deployed. The vulnerability was reserved in April 2025 and published in August 2025, but no patches have been linked yet, indicating organizations must be vigilant and prepare to apply fixes promptly once released.
Potential Impact
The potential impact of CVE-2025-4044 is substantial for organizations using Lexmark Universal Print Drivers on Windows systems. Successful exploitation can lead to unauthorized disclosure of sensitive information, including potentially confidential documents or system files, to attacker-controlled external URLs. This compromises confidentiality and can facilitate further attacks such as credential theft or lateral movement. The integrity of printing operations may also be affected if attackers manipulate XML data or disrupt print jobs, impacting business continuity. Availability is at risk as well, since exploitation could cause denial of service conditions in printing services. Given the driver’s common use in enterprise and government environments, the vulnerability could expose critical infrastructure and sensitive data. The requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate risk, especially in environments with many users or where social engineering could be employed. The lack of known exploits currently provides a window for proactive mitigation, but the high CVSS score underscores the urgency for organizations to address this vulnerability to prevent potential data breaches and operational disruptions.
Mitigation Recommendations
1. Monitor Lexmark’s official channels for patches or updates addressing CVE-2025-4044 and apply them immediately upon release.
2. Until patches are available, restrict access to systems with Lexmark Universal Print Drivers to trusted users only, minimizing the risk of local exploitation.
3. Disable or restrict XML external entity processing in the print driver configuration if possible, or apply system-wide XML parser hardening policies to prevent XXE attacks.
4. Implement application whitelisting and endpoint protection to detect and block suspicious activities related to XML parsing or unusual network connections from print driver processes.
5. Educate users about the risks of interacting with untrusted print jobs or prompts that could trigger the vulnerability.
6. Employ network monitoring to detect anomalous outbound traffic to unknown URLs that could indicate data exfiltration attempts.
7. Conduct regular audits of print driver versions deployed across the organization to identify and remediate vulnerable instances.
8. Consider isolating print servers or workstations running the vulnerable driver in segmented network zones to limit potential lateral movement.
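The driver audit in recommendation 7 can start from an inventory like the one below. This is an added example, not code from Lexmark or from this advisory: it uses the built-in `Get-PrinterDriver` cmdlet, the function names `Convert-DriverVersion` and `Get-LexmarkDriverInventory` are hypothetical, and because the page names no fixed version it only reports what is installed.

```powershell
# Added example (not from Lexmark or this advisory): inventory Lexmark print
# drivers so affected installs can be tracked until a fixed version is known.
# Requires the PrintManagement module (Windows 8 / Server 2012 or later).

function Convert-DriverVersion {
    # Hypothetical helper: DriverVersion is one 64-bit value holding four
    # 16-bit fields (major.minor.build.revision), highest field first.
    param([UInt64]$Packed)
    $bytes = [BitConverter]::GetBytes($Packed)      # little-endian on Windows
    $fields = foreach ($offset in 6, 4, 2, 0) {
        [BitConverter]::ToUInt16($bytes, $offset)
    }
    $fields -join '.'
}

function Get-LexmarkDriverInventory {
    # Hypothetical wrapper; ComputerName defaults to the local machine.
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($computer in $ComputerName) {
        try {
            $drivers = Get-PrinterDriver -ComputerName $computer -ErrorAction Stop
        } catch {
            # An unreachable host is reported, not silently skipped.
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }
        $drivers |
            Where-Object { $_.Manufacturer -like '*Lexmark*' -or $_.Name -like '*Lexmark*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer    = $computer
                    Name        = $_.Name
                    Environment = $_.PrinterEnvironment
                    Version     = Convert-DriverVersion $_.DriverVersion
                }
            }
    }
}

Get-LexmarkDriverInventory | Sort-Object Computer, Name | Format-Table -AutoSize
```

Pass a list of print servers and workstations with `-ComputerName` to cover more than the local machine, and compare the reported versions against Lexmark's advisory once it lists a fixed release.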
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil, Netherlands, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Lexmark
- Date Reserved: 2025-04-28T17:54:55.187Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68a47cffad5a09ad00f80eb1
Added to database: 8/19/2025, 1:32:47 PM
Last enriched: 2/27/2026, 3:05:30 AM
Last updated: 3/23/2026, 5:10:19 PM