CVE-2025-65079 is a heap-based buffer overflow vulnerability (CWE-122) identified in the Postscript interpreter component embedded in a broad range of Lexmark printer models, including MXTCT, MSNGM, MSTGM, MXNGM, and others. The vulnerability arises from improper handling of Postscript data, allowing an attacker to overflow a heap buffer and overwrite memory. This flaw can be exploited remotely over the network without requiring authentication or user interaction, enabling arbitrary code execution with the privileges of the Postscript interpreter process, typically an unprivileged user. The vulnerability affects multiple Lexmark devices widely deployed in enterprise and government environments for document processing. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N) indicates network attack vector, low attack complexity, no privileges or user interaction needed, and limited impact on confidentiality, integrity, and availability. No patches or known exploits are currently available, but the vulnerability's presence in critical print infrastructure poses a risk of device compromise, lateral movement, or disruption of printing services. The vulnerability was reserved in November 2025 and published in February 2026, indicating recent discovery. The lack of patch links suggests vendors have not yet released fixes, emphasizing the need for proactive mitigation.

For European organizations, this vulnerability presents a tangible risk to the security and availability of networked printing infrastructure. Successful exploitation could allow attackers to execute arbitrary code on affected Lexmark devices, potentially leading to device takeover, interception or manipulation of print jobs, and pivoting into internal networks. This could compromise sensitive documents, disrupt business operations, and serve as a foothold for broader attacks. Sectors with heavy reliance on printing, such as government agencies, legal firms, healthcare providers, and financial institutions, are particularly vulnerable. The medium CVSS score reflects moderate impact, but the ease of exploitation without authentication increases risk. Additionally, compromised printers could be used to launch attacks against other network assets. The absence of patches means organizations must rely on compensating controls to reduce exposure. Given the widespread use of Lexmark devices across Europe, the threat could affect a large number of enterprises if exploited at scale.

1. Conduct a comprehensive inventory of all Lexmark devices in use, identifying affected models listed in the CVE. 2. Immediately isolate vulnerable printers on segmented networks or VLANs to limit exposure to untrusted networks. 3. Disable Postscript processing on printers where it is not required, or restrict Postscript input sources to trusted users and systems. 4. Implement strict access controls and firewall rules to limit network access to printer management interfaces and services. 5. Monitor network traffic and device logs for anomalous activity indicative of exploitation attempts, such as unexpected Postscript data or abnormal process behavior. 6. Engage with Lexmark support channels to obtain information on forthcoming patches or firmware updates and plan timely deployment once available. 7. Educate IT and security teams about this vulnerability to ensure rapid response capability. 8. Consider deploying network-based intrusion detection/prevention systems with signatures targeting Postscript exploitation attempts. 9. Regularly review and update printer firmware and security configurations as part of standard maintenance. 10. Where possible, replace legacy or unsupported devices with models that have robust security features and vendor support.