CVE-2025-12785

high-risk

Published 2025-11-13

Certain HP LaserJet Pro printers may be vulnerable to information disclosure leading to credential exposure by altering the scan/send destination address and/or modifying the LDAP Server.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

W1Y47A Firmware

7Kw48A Firmware

7Kw49A Firmware

7Kw50A Firmware

7Kw51A Firmware

7Kw54A Firmware

7Kw55A Firmware

7Kw56A Firmware

7Kw57A Firmware

7Kw58A Firmware

7Kw59A Firmware

7Kw63A Firmware

7Kw64A Firmware

7Kw65A Firmware

7Kw66A Firmware

7Kw67A Firmware

7Kw68A Firmware

7Kw72A Firmware

7Kw73A Firmware

7Kw74A Firmware

Affected Vendors

References (1)

Vendor Advisory https://support.hp.com/us-en/document/ish_13229161-13229183-16/hpsbpi04074

/ 100

high-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 27/34 · High