CVE-2025-9785 is a high-severity vulnerability affecting PaperCut Print Deploy, an optional component used alongside PaperCut NG/MF to simplify printer deployment and management. The vulnerability stems from improper certificate validation (CWE-295) when the system is configured to use self-signed certificates for SSL/TLS communication between clients and the Print Deploy server. Specifically, if the customer does not correctly configure the client trust stores—both the operating system's trust store and the Java key store—to recognize the self-signed or private CA certificates, the SSL/TLS communication can be susceptible to man-in-the-middle (MITM) attacks. This misconfiguration risk is exacerbated by incomplete or insufficient documentation related to SSL configuration in Print Deploy, which may lead administrators to deploy insecure setups unknowingly. The vulnerability does not require user interaction or authentication to exploit, and it can be triggered remotely by an attacker positioned to intercept network traffic between clients and the Print Deploy server. The CVSS 4.0 score of 7.7 reflects the high impact on confidentiality, integrity, and availability, given that an attacker could intercept, modify, or disrupt print deployment communications. PaperCut recommends using valid certificates issued by trusted certificate authorities and ensuring that any private CA or self-signed certificates are properly imported into all relevant trust stores to mitigate this risk. No known exploits are currently reported in the wild, but the vulnerability's nature and ease of exploitation make it a significant concern for organizations using Print Deploy with self-signed certificates.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of print deployment communications. Exploitation could allow attackers to intercept sensitive print job data or manipulate printer configurations, potentially leading to data leakage or disruption of printing services. This is particularly critical in sectors with stringent data protection requirements such as healthcare, finance, and government institutions across Europe. Additionally, compromised print infrastructure could serve as a foothold for lateral movement within corporate networks, increasing the overall risk of broader cyberattacks. Given the widespread use of PaperCut solutions in educational institutions and enterprises throughout Europe, the vulnerability could impact a large number of endpoints if self-signed certificates are used without proper configuration. The risk is heightened in environments where network segmentation is limited and where print servers are accessible over less secure or shared networks.

To effectively mitigate CVE-2025-9785, European organizations should: 1) Avoid using self-signed certificates for Print Deploy SSL/TLS communication whenever possible; instead, obtain certificates from trusted public or private certificate authorities. 2) If self-signed or private CA certificates must be used, ensure that the CA certificate or self-signed certificate is explicitly imported into the operating system's trust store and the Java key store on all client machines deploying Print Deploy. 3) Follow the updated PaperCut documentation meticulously to verify that SSL configuration is complete and correct, including verifying certificate chains and trust anchors. 4) Implement network monitoring to detect unusual traffic patterns or potential MITM attempts targeting print deployment communications. 5) Restrict network access to Print Deploy servers to trusted networks and use network segmentation to limit exposure. 6) Regularly audit and update certificate configurations and renew certificates before expiration to prevent fallback to insecure configurations. 7) Educate IT administrators on the importance of proper SSL/TLS configuration and the risks of misconfiguration in Print Deploy environments.