CVE-2025-26506: Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege

9.2 CVSS

Description

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

Classification

CVE ID: CVE-2025-26506

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.2

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor: HP, Inc.

Product: Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.99% (scored less or equal to compared to others)

EPSS Date: 2025-03-15 (when was this score calculated)

References

https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007

Timeline

2025-02-15 00:36:39 UTC
CVE

Certain HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers – Potential Remote Code Execution and Potential Elevation of Privilege