CVE-2025-65078: CWE-426 Untrusted Search Path in Lexmark MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ
An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.
AI Analysis
Technical Summary
CVE-2025-65078 is an untrusted search path vulnerability (CWE-426) identified in the Embedded Solutions Framework of numerous Lexmark device models, including MXTCT, MSNGM, MSTGM, MXNGM, and others. The vulnerability arises because the affected devices improperly handle the search path for executable files, allowing an attacker to place malicious executables in locations that the system searches before the legitimate ones. This flaw enables remote, unauthenticated attackers to execute arbitrary code with high privileges on the device without requiring any user interaction. The vulnerability is rated critical with a CVSS 4.0 score of 9.3, reflecting its network attack vector, low complexity, no privileges or user interaction needed, and high impact on confidentiality, integrity, and availability. The affected Lexmark devices are widely used in enterprise and government environments for printing and document management, making the vulnerability a significant risk for data breaches, device takeover, and disruption of services. No patches or official fixes have been published yet, and no known exploits have been observed in the wild, but the vulnerability's characteristics suggest it could be weaponized quickly. The issue was reserved in November 2025 and published in February 2026, indicating recent discovery and disclosure.
Potential Impact
The impact of CVE-2025-65078 is severe for organizations globally that deploy the affected Lexmark devices. Successful exploitation allows attackers to gain full control over the device, potentially leading to unauthorized access to sensitive documents, interception or alteration of print jobs, and pivoting into internal networks. This can result in data leakage, disruption of business operations, and compromise of network integrity. Given the critical nature of printing infrastructure in many enterprises and government agencies, the vulnerability could be leveraged for espionage, sabotage, or ransomware deployment. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation. Organizations relying on these Lexmark models in sectors such as finance, healthcare, government, and manufacturing face heightened risks of operational disruption and data breaches.
Mitigation Recommendations
Until official patches are released by Lexmark, organizations should implement the following mitigations:
1) Isolate affected Lexmark devices on segmented network zones with strict access controls to limit exposure.
2) Monitor network traffic to and from these devices for unusual activity or unauthorized file transfers.
3) Disable unnecessary network services and remote management interfaces on the devices.
4) Employ application whitelisting or endpoint protection solutions that can detect or block unauthorized executable files on device management servers.
5) Regularly audit device configurations and firmware versions to identify affected units.
6) Educate IT and security teams about the vulnerability to ensure rapid response to any suspicious behavior.
7) Engage with Lexmark support for updates and apply patches immediately upon availability.
8) Consider temporary replacement or removal of vulnerable devices from critical environments if feasible.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil, Netherlands, Singapore, United Arab Emirates
Technical Details
- Data Version: 5.2
- Assigner Short Name: Lexmark
- Date Reserved: 2025-11-17T13:56:38.588Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698261daf9fa50a62fdf39d6
Added to database: 2/3/2026, 9:00:10 PM
Last enriched: 2/27/2026, 7:35:56 AM
Last updated: 3/24/2026, 1:06:09 AM
Views: 51