CVE-2025-65080 is a vulnerability categorized as CWE-843 (Access of Resource Using Incompatible Type, commonly known as type confusion) affecting the Postscript interpreter component in a wide range of Lexmark printer models, including MXTCT, MSNGM, MSTGM, MXNGM, and others. The vulnerability stems from the interpreter incorrectly handling resource types, which can cause type confusion leading to memory corruption. This flaw can be exploited remotely over the network without any authentication or user interaction, allowing an attacker to execute arbitrary code with the privileges of an unprivileged user on the affected device. The Postscript interpreter is responsible for processing print jobs, and this vulnerability could be triggered by specially crafted Postscript data sent to the printer. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). Despite the medium severity score of 6.9, the ability to execute code remotely without authentication makes this a significant risk. The affected Lexmark models are widely deployed in enterprise, government, and industrial environments globally, often integrated into critical workflows. As of now, no patches or mitigations have been officially released by Lexmark, and no active exploits have been reported in the wild. The vulnerability was reserved in late 2025 and published in early 2026, indicating a recent discovery. The lack of patch availability necessitates immediate defensive measures to reduce exposure. This vulnerability highlights the risks inherent in embedded device interpreters and the importance of secure coding practices in device firmware.

The exploitation of CVE-2025-65080 could allow attackers to execute arbitrary code on affected Lexmark printers remotely without authentication or user interaction. This can lead to unauthorized control over the device, enabling attackers to manipulate print jobs, intercept sensitive documents, or use the printer as a foothold for lateral movement within an organization's network. Given that printers are often connected to internal networks and may have access to sensitive data streams, this vulnerability could compromise confidentiality and integrity of information. Additionally, attackers could disrupt availability by causing device crashes or denial of service. The medium CVSS score reflects moderate impact, but the ease of exploitation and network accessibility elevate the risk. Organizations with large fleets of affected Lexmark devices, especially in sectors like government, healthcare, finance, and manufacturing, face increased risk of targeted attacks. The absence of patches increases the window of exposure, potentially allowing threat actors to develop exploits. Compromise of these devices could also undermine trust in document handling and lead to regulatory compliance issues. Overall, the vulnerability poses a significant operational and security risk if left unmitigated.

1. Immediately isolate affected Lexmark devices from untrusted networks, especially the internet, to prevent remote exploitation. 2. Restrict network access to printers by implementing strict firewall rules and network segmentation, allowing only trusted hosts to communicate with the devices. 3. Disable Postscript processing on printers if not required for business operations, or configure printers to accept only trusted print job formats. 4. Monitor network traffic for unusual or malformed Postscript data that could indicate exploitation attempts. 5. Maintain up-to-date inventory of all Lexmark devices and their firmware versions to prioritize patching once updates become available. 6. Engage with Lexmark support channels to obtain security advisories and patches as soon as they are released. 7. Employ endpoint detection and response (EDR) solutions to detect anomalous behavior originating from printers. 8. Educate IT and security teams about this vulnerability to ensure rapid response to any suspicious activity. 9. Consider deploying network-based intrusion detection systems (IDS) with signatures targeting Postscript exploitation techniques. 10. Plan for device replacement or firmware upgrades if patches are delayed or unavailable for extended periods.