
CVE-2025-9785: CWE-295 Improper Certificate Validation in PaperCut Print Deploy

Severity: High
Tags: Vulnerability, CVE-2025-9785, cve, cve-2025-9785, cwe-295
Published: Wed Sep 03 2025 (09/03/2025, 04:14:07 UTC)
Source: CVE Database V5
Vendor/Project: PaperCut
Product: Print Deploy

Description

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks. It was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends using valid certificates to secure installations and following the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self-signed certificate if using only one, to the trust store of their operating system and to the Java key store.

AI-Powered Analysis

AI analysis last updated: 09/03/2025, 04:47:50 UTC

Technical Analysis

CVE-2025-9785 is a high-severity vulnerability classified under CWE-295 (Improper Certificate Validation) affecting PaperCut Print Deploy, an optional component designed to simplify printer deployment and management within PaperCut NG/MF environments. The vulnerability arises when organizations configure Print Deploy to use self-signed certificates but fail to properly integrate these certificates into the clients' trust stores, including the operating system trust store and the Java key store. This misconfiguration results in the clients not fully validating the server's SSL/TLS certificates, thereby exposing the communication channel between clients and the Print Deploy server to man-in-the-middle (MITM) attacks. The root cause is partially attributed to insufficient documentation around SSL configuration, which may lead administrators to incorrectly set up the system. PaperCut strongly recommends using valid, trusted certificates and following updated documentation to ensure proper SSL configuration. For those using private certificate authorities or self-signed certificates, it is critical to manually add the CA or self-signed certificate to the trust stores on client systems to prevent interception or tampering of print deployment communications. The vulnerability has a CVSS 4.0 score of 7.7, reflecting high severity, with attack vector being adjacent network, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the potential for exploitation exists given the nature of the weakness.

Potential Impact

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of print deployment communications. Exploitation could allow attackers to intercept or manipulate print jobs, potentially leaking sensitive documents or injecting malicious print instructions. This could disrupt business operations, cause data breaches, or enable lateral movement within networks. Organizations with large-scale print infrastructures or those handling sensitive data (e.g., government agencies, financial institutions, healthcare providers) are particularly at risk. The vulnerability also undermines trust in internal IT management processes and could lead to compliance violations under regulations such as GDPR if sensitive personal data is exposed. Given the widespread use of PaperCut products in Europe, especially in education and enterprise sectors, the risk of targeted attacks exploiting this misconfiguration is notable. The absence of required user interaction and the possibility of remote exploitation over adjacent networks (e.g., corporate LANs or Wi-Fi) increase the threat's severity.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately review and update their Print Deploy SSL/TLS configurations to ensure that valid, trusted certificates are used rather than self-signed ones wherever possible.
2) If self-signed or private CA certificates are necessary, ensure that these certificates are correctly imported into all client operating system trust stores and Java key stores to enable proper certificate validation.
3) Follow the updated PaperCut documentation meticulously to avoid misconfiguration.
4) Conduct internal audits of Print Deploy installations to verify SSL configurations and certificate trust relationships.
5) Employ network segmentation and monitoring to detect anomalous activities that could indicate MITM attempts.
6) Educate IT staff on the importance of certificate management and the risks of improper SSL configurations.
7) Keep PaperCut software up to date and monitor vendor advisories for patches or further guidance.
8) Consider deploying endpoint security solutions capable of detecting suspicious network interception or manipulation attempts within the print deployment environment.
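A client-side check for recommendations 2 and 4, added here as an example (it is not PaperCut's code or part of the original advisory): it attempts a fully verified TLS handshake against the client's trust store and reports why validation fails. The host name and port are placeholders for your own Print Deploy server address, and `audit_endpoint`, `classify` and `FINDINGS` are names made up for this example.

```python
import socket
import ssl

# OpenSSL X509 verify codes that point at a trust-store gap or a bad certificate.
FINDINGS = {
    10: "certificate has expired",
    18: "self-signed server certificate is missing from this trust store",
    19: "chain ends in a private root CA that is missing from this trust store",
    20: "issuing CA certificate is missing from this trust store",
    21: "issuing CA certificate is missing from this trust store",
    62: "certificate does not match the host name the client connects to",
}


def classify(verify_code):
    """Translate an OpenSSL verify code into an audit finding."""
    return FINDINGS.get(verify_code, f"verification failed (code {verify_code})")


def audit_endpoint(host, port, cafile=None, timeout=5.0):
    """Attempt a verified handshake; never fall back to unverified mode.

    cafile=None uses the trust store OpenSSL sees on this client.
    Pass a PEM file to test one private CA or self-signed certificate.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + host name check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("trusted", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Must be caught before SSLError/OSError, which it subclasses.
        return ("untrusted", classify(exc.verify_code))
    except ssl.SSLError as exc:
        return ("tls-error", exc.reason or str(exc))
    except OSError as exc:
        return ("unreachable", str(exc))


if __name__ == "__main__":
    # Placeholder address and port (assumption): use your own server's values.
    print(audit_endpoint("print-deploy.example.internal", 443))
```

The Java key store is separate from the operating system trust store, so a "trusted" result here does not cover the Java side; inspect that store with `keytool -list`.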


Technical Details

Data Version: 5.1
Assigner Short Name: PaperCut
Date Reserved: 2025-09-01T06:47:33.435Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68b7c4efad5a09ad00ec9825

Added to database: 9/3/2025, 4:32:47 AM

Last enriched: 9/3/2025, 4:47:50 AM

Last updated: 9/3/2025, 2:01:14 PM
