CVE-2025-65077: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Lexmark MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ
CVE-2025-65077 is a high-severity path traversal vulnerability affecting multiple Lexmark embedded device models. It allows an unauthenticated attacker to exploit improper pathname restrictions to execute arbitrary code as an unprivileged user. The flaw exists in the Embedded Solutions Framework of Lexmark devices, enabling attackers to access restricted directories and potentially compromise device integrity. The CVSS 4.0 score is 8.8, reflecting network exploitability without authentication or user interaction. Although no known exploits are currently reported in the wild, the vulnerability poses significant risks to organizations using affected Lexmark devices. European organizations relying on these devices for printing and document management could face confidentiality and integrity breaches. Mitigation requires prompt vendor patching once available and network-level protections to restrict device access. Countries with high Lexmark market penetration and critical infrastructure using these devices are at greater risk.
AI Analysis
Technical Summary
CVE-2025-65077 is a path traversal vulnerability classified under CWE-22, discovered in the Embedded Solutions Framework of various Lexmark multifunction printers and embedded devices. The vulnerability arises from improper limitation of pathname inputs, allowing an attacker to traverse directories outside the intended restricted directory scope. This flaw can be exploited remotely over the network without any authentication or user interaction, as indicated by the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N). Successful exploitation allows arbitrary code execution with unprivileged user rights, potentially enabling attackers to manipulate device functions, access sensitive data stored on the device, or use the device as a foothold for further network compromise. The affected products include a broad range of Lexmark models (MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ), which are widely deployed in enterprise and governmental environments. Although no public exploits have been reported yet, the vulnerability’s characteristics make it a high-risk issue that could be weaponized by attackers to compromise device integrity and potentially pivot into internal networks. The lack of authentication and user interaction requirements significantly lowers the barrier for exploitation. The vulnerability was reserved in late 2025 and published in early 2026, with no patches currently listed, emphasizing the need for immediate attention from affected organizations.
Potential Impact
For European organizations, the impact of CVE-2025-65077 is substantial. Lexmark devices are commonly used in office environments for printing, scanning, and document management, often containing sensitive corporate or governmental information. Exploitation could lead to unauthorized access to confidential documents, alteration or deletion of stored data, and disruption of printing services, impacting business continuity. Moreover, compromised devices could serve as entry points for lateral movement within corporate networks, increasing the risk of broader cyberattacks such as ransomware or espionage. Critical sectors including finance, healthcare, government, and manufacturing in Europe could face operational disruptions and data breaches. The vulnerability’s network accessibility and lack of authentication requirement make it particularly dangerous in environments where devices are exposed to untrusted networks or insufficiently segmented internal networks. Additionally, the integrity of document workflows could be undermined, affecting compliance with data protection regulations such as GDPR.
Mitigation Recommendations
Immediate mitigation steps include isolating affected Lexmark devices from untrusted networks and restricting network access to trusted management segments only. Organizations should implement strict network segmentation and firewall rules to limit exposure of these devices. Monitoring network traffic for unusual activity targeting Lexmark device management ports can help detect exploitation attempts. Until official patches are released by Lexmark, applying virtual patching via intrusion prevention systems (IPS) or endpoint detection and response (EDR) solutions that can block path traversal attempts is advisable. Regularly auditing device firmware versions and subscribing to Lexmark security advisories will ensure timely application of patches once available. Additionally, disabling unnecessary services and interfaces on the devices can reduce the attack surface. Organizations should also review and enforce strong access controls and logging on these devices to detect and respond to suspicious activities promptly.
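The monitoring and virtual-patching advice above depends on normalising a request path before matching it, because traversal sequences are often percent-encoded more than once or written with backslashes. The following added example (not Lexmark or vendor code) applies that check to constructed proxy log lines; the log format, the URL paths and the helper names decode_path, classify and scan are assumptions, and only the path component of each request is inspected.

```python
from urllib.parse import unquote

# Added example: log lines and URL paths are constructed, not real Lexmark endpoints.
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple percent-encoding

def decode_path(target):
    """Drop query/fragment, percent-decode until stable, unify separators."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def classify(target):
    """Return 'clean', 'suspicious' (parent segment or NUL present) or 'escape'."""
    path = decode_path(target)
    verdict = "suspicious" if "\x00" in path else "clean"
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            verdict = "suspicious"
            depth -= 1
            if depth < 0:  # climbed above the URL root
                return "escape"
        else:
            depth += 1
    return verdict

def scan(log_lines):
    """Return (source, target, verdict) for every non-clean request line."""
    hits = []
    for line in log_lines:
        parts = line.split()  # assumed layout: source method target status
        if len(parts) >= 3 and (verdict := classify(parts[2])) != "clean":
            hits.append((parts[0], parts[2], verdict))
    return hits

# Constructed sample traffic using documentation address ranges.
SAMPLE_LOG = [
    "192.0.2.10 GET /apps/status/logo.png 200",
    "192.0.2.10 GET /apps/status/../status/logo.png 200",
    "198.51.100.7 GET /apps/%2e%2e/%2e%2e/etc/passwd 404",
    "198.51.100.7 GET /apps/..%252f..%252f..%252fconf/x 500",
    "198.51.100.9 GET /apps\\..\\..\\conf 400",
]
```

Because the restricted directory on the device is not known from the advisory, a "suspicious" verdict (any parent segment after decoding) is worth alerting on as well as "escape".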
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: Lexmark
- Date Reserved: 2025-11-17T13:56:38.587Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 698261daf9fa50a62fdf39d3
Added to database: 2/3/2026, 9:00:10 PM
Last enriched: 2/3/2026, 9:15:26 PM
Last updated: 2/4/2026, 6:33:28 AM
Related Threats
- CVE-2025-67850: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (High)
- CVE-2025-67849: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (High)
- CVE-2025-67848: Improper Handling of Insufficient Permissions or Privileges (High)
- CVE-2025-29867: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in Hancom Inc. Hancom Office 2018 (High)
- CVE-2026-1791: CWE-434 Unrestricted Upload of File with Dangerous Type in Hillstone Networks Operation and Maintenance Security Gateway (Low)