
CVE-2025-65078: CWE-426 Untrusted Search Path in Lexmark MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ

Severity: Critical
Tags: Vulnerability, CVE-2025-65078, cve, cve-2025-65078, cwe-426
Published: Tue Feb 03 2026 (02/03/2026, 20:51:20 UTC)
Source: CVE Database V5
Vendor/Project: Lexmark
Product: MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ

Description

An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.

AI-Powered Analysis

Last updated: 02/03/2026, 21:15:10 UTC

Technical Analysis

CVE-2025-65078 is a critical security vulnerability classified under CWE-426 (Untrusted Search Path) affecting the Embedded Solutions Framework in a broad range of Lexmark multifunction printers and related devices, including models MXTCT, MSNGM, MSTGM, MXNGM, and many others. The vulnerability stems from the device's failure to securely handle the search path for executable files or libraries, allowing an attacker to place malicious executables in a location that the device will trust and execute. This flaw enables remote, unauthenticated attackers to execute arbitrary code with full system privileges, potentially leading to complete device compromise. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) indicates network attack vector, low complexity, no authentication or user interaction required, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently reported, the severity and ease of exploitation make this a critical threat. The vulnerability affects multiple Lexmark device models widely used in enterprise and governmental environments for document management and printing services. The lack of available patches at the time of disclosure necessitates immediate risk mitigation strategies to prevent exploitation. Given the embedded nature of these devices and their integration into corporate networks, successful exploitation could allow attackers to pivot into internal networks, exfiltrate sensitive documents, or disrupt business operations.
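The vector quoted above can be checked mechanically rather than read by eye. The following is an added example, not part of the original record: a strict parser for CVSS v4.0 base vectors plus a summary of the exposure properties the analysis cites. The function names `parse_cvss4_base` and `exposure_summary` are illustrative.

```python
# Added example: strict CVSS v4.0 base-vector parser (not from the source page).
# Mandatory base metrics in specification order, with their legal values.
BASE_METRICS = {
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"},
    "AT": {"N": "None", "P": "Present"},
    "PR": {"N": "None", "L": "Low", "H": "High"},
    "UI": {"N": "None", "P": "Passive", "A": "Active"},
    **{m: {"H": "High", "L": "Low", "N": "None"}
       for m in ("VC", "VI", "VA", "SC", "SI", "SA")},
}

def parse_cvss4_base(vector):
    """Return the base metrics as {name: value}; raise ValueError if invalid."""
    body = vector.strip()
    if body.startswith("CVSS:4.0/"):          # the prefix is optional here
        body = body[len("CVSS:4.0/"):]
    parsed = {}
    for part in body.split("/"):
        name, sep, value = part.partition(":")
        if not sep or name in parsed:
            raise ValueError(f"malformed or duplicate metric: {part!r}")
        parsed[name] = value
    # Threat, environmental and supplemental metrics are ignored.
    base = {k: v for k, v in parsed.items() if k in BASE_METRICS}
    if list(base) != list(BASE_METRICS):
        raise ValueError("base metrics missing or out of order")
    for name, value in base.items():
        if value not in BASE_METRICS[name]:
            raise ValueError(f"illegal value {value!r} for {name}")
    return base

def exposure_summary(vector):
    """Reduce a base vector to the properties that drive triage priority."""
    m = parse_cvss4_base(vector)
    return {
        "remote_unauthenticated": (m["AV"], m["PR"], m["UI"]) == ("N", "N", "N"),
        "no_preconditions": (m["AC"], m["AT"]) == ("L", "N"),
        "device_impact_high": all(m[k] == "H" for k in ("VC", "VI", "VA")),
        "subsequent_system_impact": any(m[k] != "N" for k in ("SC", "SI", "SA")),
    }

# Vector string as quoted in the analysis above.
VECTOR = "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
if __name__ == "__main__":
    for key, value in exposure_summary(VECTOR).items():
        print(f"{key}: {value}")
```

SC, SI and SA are all N in this vector, so the scored impact covers the device itself and not systems reachable from it.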

Potential Impact

For European organizations, this vulnerability poses a significant risk due to the widespread use of Lexmark multifunction printers in offices, government agencies, and critical infrastructure sectors. Exploitation could lead to unauthorized access to sensitive documents, disruption of printing services, and potential lateral movement within corporate networks. Confidentiality is at high risk as attackers could intercept or manipulate print jobs containing sensitive information. Integrity and availability are also severely impacted, as attackers could alter device firmware or software, causing denial of service or persistent backdoors. The critical nature of the vulnerability means that organizations handling personal data under GDPR could face compliance violations and reputational damage if exploited. Additionally, sectors such as finance, healthcare, and public administration, which rely heavily on secure document handling, are particularly vulnerable. The lack of authentication and user interaction requirements lowers the barrier for attackers, increasing the likelihood of exploitation in environments with exposed or poorly segmented network devices.

Mitigation Recommendations

Immediate mitigation should focus on network-level controls such as isolating affected Lexmark devices on dedicated VLANs with strict access controls to limit exposure. Organizations should implement network monitoring and intrusion detection systems tuned to detect anomalous behavior from these devices. Until official patches are released by Lexmark, disabling unnecessary services and restricting device management interfaces to trusted administrators can reduce attack surface. Regularly auditing device firmware versions and configurations is essential to identify vulnerable units. Employing application whitelisting or endpoint detection on connected workstations can prevent lateral movement from compromised devices. Organizations should also prepare incident response plans specific to printer and embedded device compromises. Once patches become available, rapid deployment across all affected devices is critical. Additionally, educating IT staff about this vulnerability and encouraging vigilance for suspicious network activity related to printing infrastructure will enhance defense.
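For the firmware audit step, the following added example (not part of the original record) flags inventory entries whose firmware family matches the affected product list on this page. It assumes firmware levels are recorded as FAMILY.NNN.NNN with the family code as the first field; the inventory rows, hostnames and version numbers are constructed. Because the page gives no fixed versions, matching is by family only.

```python
# Added example: triage a printer inventory against the affected families
# listed for CVE-2025-65078 (not from the source page).
import csv
import io
import re

# Product/family codes exactly as listed on this page.
AFFECTED_FAMILIES = frozenset(
    "MXTCT MSNGM MSTGM MXNGM MXTGM CSNGV CSTGV CXTGV MSNGW MSTGW MXTGW "
    "CSTLS CXTLS MXTLS CSTMM CXTMM CSTPC CXTPC MXTPM MSNSN MSTSN MXTSN "
    "CSNZJ CSTZJ CXNZJ CXTZJ".split()
)

# Assumption: firmware level strings look like FAMILY.NNN.NNN.
FIRMWARE_RE = re.compile(r"^([A-Z]{5})\.(\d{3})\.(\d{3})$")

# Constructed sample inventory (documentation-range addresses, fake versions).
SAMPLE_INVENTORY = """hostname,ip,firmware
prn-fin-01,192.0.2.11,MXTGM.000.001
prn-hr-02,192.0.2.12,cxtpc.000.002
prn-lab-03,192.0.2.13,ABCDE.000.003
prn-old-04,192.0.2.14,unknown
"""

def triage(inventory_csv):
    """Sort hostnames into affected / not_listed / needs_review buckets."""
    report = {"affected": [], "not_listed": [], "needs_review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        match = FIRMWARE_RE.match((row.get("firmware") or "").strip().upper())
        if match is None:
            # Unknown or malformed firmware string: do not assume it is safe.
            report["needs_review"].append(row["hostname"])
        elif match.group(1) in AFFECTED_FAMILIES:
            report["affected"].append(row["hostname"])
        else:
            report["not_listed"].append(row["hostname"])
    return report

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices in `needs_review` should be checked by hand instead of being treated as unaffected.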


Technical Details

Data Version: 5.2
Assigner Short Name: Lexmark
Date Reserved: 2025-11-17T13:56:38.588Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 698261daf9fa50a62fdf39d6

Added to database: 2/3/2026, 9:00:10 PM

Last enriched: 2/3/2026, 9:15:10 PM

Last updated: 2/7/2026, 7:30:33 AM

Views: 24
