HP fixes vulnerabilities in LaserJet printers, at least one critical
Take action: If you are using a HP LaserJet printer, review the advisory and plan a patch cycle. Ideally, make sure your printer is not exposed to the internet.
Learn More
HP reports multiple security vulnerabilities affecting their LaserJet printer lineup, including LaserJet Pro, LaserJet Enterprise, and LaserJet Managed Printers.
The vulnerabilities center around PostScript print job processing and include:
- CVE-2025-26506 (CVSS score 9.2) - Remote Code Execution and Elevation of Privilege vulnerability
- CVE-2025-26508 (CVSS score 8.3) - Remote Code Execution with lower impact on integrity and availability
- CVE-2025-26507 (CVSS score 6.3) - Limited availability impact vulnerability
The vulnerabilities could allow attackers to execute malicious code remotely, elevate privileges on affected systems, infiltrate network-connected printers and exploit PostScript processing weaknesses.
HP has released firmware updates for all affected devices. Organizations are strongly advised to:
- Check their printer inventory against HP's list of affected models
- Download and install the latest firmware updates from HP Software and Driver Downloads
- Follow their organizational patch management policies for third-party security patches
