CVE-2025-1127: Combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server

9.1 CVSS

Description

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

Classification

CVE ID: CVE-2025-1127

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor: Lexmark

Product: CX, XC, CS, MS, MX, XM, et al.

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 13.16% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

Timeline