CVE-2025-65079 is a heap-based buffer overflow vulnerability categorized under CWE-122, identified in the Postscript interpreter component of numerous Lexmark printer models, including MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, and others. The vulnerability stems from improper memory management when processing Postscript data, which can lead to heap corruption. An attacker can exploit this flaw remotely without any authentication or user interaction, by sending specially crafted Postscript data to the vulnerable printer. Successful exploitation allows arbitrary code execution with the privileges of the printer’s unprivileged user context, potentially enabling further compromise of the device or lateral movement within a network. The vulnerability has been assigned a CVSS 4.0 score of 6.9, reflecting a medium severity with network attack vector, low attack complexity, and no privileges or user interaction required. The scope is limited to the printer device itself, with no indication of privilege escalation beyond the device. As of the publication date, no patches or known exploits have been reported, but the broad range of affected models and the critical role of printers in enterprise environments make this a significant concern. The vulnerability was reserved in November 2025 and published in February 2026, with Lexmark as the assigner. The lack of patch availability necessitates immediate compensating controls to mitigate risk.

The exploitation of this vulnerability could allow attackers to execute arbitrary code on affected Lexmark printers, compromising device confidentiality, integrity, and availability. This can lead to unauthorized access to sensitive print jobs, manipulation or disruption of printing services, and potential use of the compromised printer as a foothold for further attacks within an organization’s network. Given that printers often reside within internal networks and may have access to sensitive documents, the impact extends beyond the device itself. Organizations could face data leakage, operational disruption, and increased risk of lateral movement by attackers. The medium CVSS score reflects a moderate but tangible risk, especially in environments where printers are exposed to untrusted networks or insufficiently segmented. The absence of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits in the future. The broad range of affected models increases the potential attack surface, particularly in large enterprises and government agencies relying on Lexmark devices.

1. Immediately restrict network access to affected Lexmark printers by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks. 2. Disable or restrict Postscript printing capabilities if not required, reducing the attack surface. 3. Monitor printer network traffic for anomalous or unexpected Postscript data that could indicate exploitation attempts. 4. Apply any available firmware updates or patches from Lexmark as soon as they are released; maintain close communication with the vendor for updates. 5. Implement strong access controls on printer management interfaces, including authentication and encryption. 6. Conduct regular security assessments and penetration tests focusing on printer infrastructure. 7. Educate IT and security staff about this vulnerability to ensure rapid detection and response. 8. Maintain comprehensive logging and alerting on printer activity to facilitate incident investigation. 9. Consider isolating printers on dedicated VLANs with limited connectivity to critical systems. 10. Prepare incident response plans specifically addressing printer compromise scenarios.