CVE-2025-26508

high-risk

Published 2025-02-14

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Do I need to act?

2.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Futuresmart 3

Futuresmart 4

Futuresmart 5

499M7A Firmware

499M8A Firmware

499M9A Firmware

499N0A Firmware

499N1A Firmware

499N4A Firmware

499N5A Firmware

499N6A Firmware

499Q3A Firmware

499Q3E Firmware

499Q3F Firmware

499Q4E Firmware

499Q4F Firmware

499Q5A Firmware

499Q5E Firmware

499Q5F Firmware

499Q5Fr Firmware

Affected Vendors

References (1)

Vendor Advisory https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 5/34 · Minimal

Exposure 30/34 · Critical