Advisory

Lexmark reporting remote code execution flaw affecting over 120 Printer Models

Take action: If you are using Lexmark printers, make sure they are not exposed to the internet, then review the advisory to check whether your model is affected. At a minimum, password-protect the embedded web server of the printers. Then plan a patch.


Learn More

Lexmark has disclosed a critical security vulnerability affecting the embedded web server in multiple printer models across its product lines. 

The vulnerability is tracked as CVE-2025-1127 (CVSS score 9.1) and combines two security flaws that could allow attackers to execute arbitrary code remotely on affected devices.

  • CVE-2025-1127 (CVSS score 9.1): a combined Path Traversal (CWE-22) and Concurrent Execution (CWE-362) vulnerability affecting the embedded web server

The Path Traversal component allows attackers to navigate outside intended directories to access unauthorized files, while the Concurrent Execution element creates a timing vulnerability that can be exploited to execute malicious code.

Successful exploitation of this vulnerability enables attackers to remotely execute arbitrary code on vulnerable Lexmark devices. 

The vulnerability impacts over 120 Lexmark printer models across multiple product families, affecting firmware versions .240.205 and earlier on most models. The extensive list of affected devices includes popular enterprise printer series such as:

  • CX series: CX950, CX951, CX961, CX962, CX963, CX833, CX532, CX635, CX930, CX931, CX942, CX943, CX944, CX730, CX735, CX737, CX522, CX622, CX625, CX421, CX820, CX825, CX827, CX860, CX725, CX727, CX920, CX921, CX922, CX923, CX924, CX331
  • XC series: XC9525, XC9535, XC9635, XC9645, XC9655, XC8355, XC2335, XC9325, XC9335, XC9445, XC9455, XC9465, XC4342, XC4352, XC2235, XC4240, XC2326, XC6152, XC6153, XC8155, XC8160, XC8163, XC4140, XC4143, XC4150, XC4153, XC9225, XC9235, XC9245, XC9255, XC9265
  • MS series: MS531, MS631, MS632, MS321, MS421, MS521, MS621, MS622, MS725, MS821, MS823, MS825, MS822, MS826, MS331, MS431, MS439
  • MX series: MX953, MX532, MX632, MX432, MX931, MX321, MX421, MX521, MX522, MX622, MX721, MX722, MX725, MX822, MX826, MX331, MX431
  • CS series: CS963, CS531, CS632, CS943, CS730, CS735, CS737, CS622, CS421, CS521, CS820, CS827, CS720, CS725, CS727, CS728, CS921, CS923, CS927, CS331, CS431, CS439
  • Additional models including M-series, B-series, C-series, MC-series, XM-series, and MB-series devices

Lexmark has released firmware updates to address the vulnerability across all affected product lines. Users must update to the appropriate fixed firmware version depending on their specific model:

  • Most newer models: Update to firmware version .240.206 or later
  • Some older models: Update to firmware version .230.408 or later

To determine the current firmware version, users can navigate to "Settings" → "Reports" → "Menu Setting Page" from the operator panel and review the information under "Device Information." If the firmware level matches any affected release, upgrade immediately to the corresponding fixed release.
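An added triage helper (not from Lexmark's advisory) that applies the two fixed-release thresholds above to a printer inventory. It assumes firmware strings of the form CODE.line.build, such as the constructed "CXTAT.240.205", and that the fixed build for the .240 and .230 lines applies to every device on that line:

```python
# Added example, not code from the Lexmark advisory: classify printers by
# firmware against the fixed releases named above (.240.206 and .230.408).
# Assumption: firmware strings look like "<CODE>.<line>.<build>", e.g.
# "CXTAT.240.205"; the letter code is a constructed placeholder.
import re
from typing import Optional

# Fixed build per release line, from the advisory: a device is fixed when its
# build on the same line is at or above the listed build.
FIXED_BUILDS = {240: 206, 230: 408}

_VERSION_RE = re.compile(r"^(?P<code>[A-Za-z0-9]+)\.(?P<line>\d+)\.(?P<build>\d+)$")


def parse_firmware(version: str) -> Optional[tuple[str, int, int]]:
    """Split 'CXTAT.240.205' into ('CXTAT', 240, 205); None if malformed."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    return m.group("code"), int(m.group("line")), int(m.group("build"))


def patch_status(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one firmware string.

    Builds are compared as integers, not strings: '240.99' sorts after
    '240.205' as text but is the older build.
    """
    parsed = parse_firmware(version)
    if parsed is None:
        return "unknown"
    _, line, build = parsed
    if line not in FIXED_BUILDS:
        return "unknown"  # release line not covered here: check the vendor table
    return "fixed" if build >= FIXED_BUILDS[line] else "vulnerable"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status so vulnerable and unknown devices are worked first."""
    groups: dict[str, list[str]] = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, version in inventory.items():
        groups[patch_status(version)].append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {"prn-fin-01": "CXTAT.240.205", "prn-fin-02": "CXTAT.240.206",
              "prn-hr-01": "MXTCT.230.407", "prn-hr-02": "MXTCT.230.408",
              "prn-lab-01": "ABCDE.250.001", "prn-old-01": "n/a"}
    for status, hosts in triage(sample).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Devices reported as "unknown" (malformed strings or a release line not listed above) still need a manual check against Lexmark's per-model table.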

For organizations unable to deploy firmware updates immediately, Lexmark advises that setting an administrative password on the device during initial setup will prevent untrusted users from exploiting this vulnerability. However, Lexmark strongly recommends applying the firmware updates.
