Critical Vulnerabilities Detected in HP LaserJet Printers​

Critical Vulnerabilities Detected in HP LaserJet Printers

HP has released a security advisory regarding critical vulnerabilities affecting multiple LaserJet Pro, LaserJet Enterprise and LaserJet Managed printers. These vulnerabilities, identified as CVE-2025-26506, CVE-2025-26508 and CVE-2025-26507, could enable attackers to execute arbitrary code or escalate privileges by sending specially crafted PostScript print jobs. To mitigate these risks, HP has provided firmware updates and users are strongly advised to update their printer firmware immediately.

Technical Description

Vulnerability Details:
The vulnerabilities, CVE-2025-26506, CVE-2025-26508 and CVE-2025-26507, stem from flaws in the way HP LaserJet printers process PostScript print jobs.

  • CVE-2025-26506 (CVSS 9.2) is the most critical, allowing remote code execution without user interaction.
  • CVE-2025-26508 (CVSS 8.3) also enables remote code execution but requires a higher level of access.
  • CVE-2025-26507 (CVSS 6.3) allows for privilege escalation.

Exploitation Flows:
Hackers can take advantage of these security flaws by creating a harmful PostScript print job and sending it to a printer with the vulnerability. Because the printer does not process PostScript data correctly, this could allow hackers to run their own code or gain higher access to the system, giving them control of the printer. Since this attack can be carried out from a distance, it poses a serious risk to organizations using these printers.

Affected Models:
These vulnerabilities impact a broad range of HP LaserJet models, including the HP Color LaserJet Pro 4201-4203, HP Color LaserJet Pro MFP 4301-4303 and several HP Color LaserJet Enterprise models such as M552, M553, MFP M577, M681 and M682. Affected HP LaserJet Enterprise models include M507, MFP M527, MFP M528, M606, M607, M608 and M609. Additionally, the HP Color LaserJet Enterprise MFP X654dn, X677dn, X679dn, as well as HP PageWide Enterprise Color MFP 586, 785, 780, 765 and HP Managed Flow MFP E876, E877, E826, E725 and E786 are also impacted.

Mitigation:
HP has released firmware updates to fix these security flaws. Users should update their printer firmware to the latest version available on the HP Software and Driver Downloads website. This will help prevent attacks and keep their printers secure. The security issues in HP LaserJet printers are serious because they could allow hackers to take control of the device from a distance. Updating the firmware will protect printers from these risks and keep the printing system safe.

Impact

These vulnerabilities could let attackers take control of affected printers, potentially causing data breaches, unauthorized access, and disruptions to printing services. Organizations using these printers should update their firmware as soon as possible to reduce these risks.

IOC and Context Details

Table
Topics Details
Tactic Name Execution, Initial Access
Technique Name Exploitation for Remote Code Execution, Exploitation for Privilege Escalation, Exploitation for Client Execution, Remote Services
Sub Technique Name NA
Attack Type Vulnerability
Targeted Applications HP color LaserJet Printers
Region Impacted Global
Industry Impacted All
IOC’s NA
CVE CVE-2025-26508, CVE-2025-26506, CVE-2025-26507

Recommended Actions

  1. Update Firmware: Download and install the latest firmware updates provided by HP for the affected printer models.
  2. Restrict Network Access: Limit access to the printers from untrusted networks and implement network segmentation where applicable.
  3. Disable Unused Services: Disable unnecessary printing protocols and services to reduce exposure.
  4. Monitor for Unusual Activity: Regularly check printer logs and network activity for any signs of suspicious behavior Actions.

References