Cyber Posture

CVE-2023-50733

High

Published: 21 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0018 (39.2th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.

Security Summary

CVE-2023-50733 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Web Services feature in newer Lexmark devices. Published on 2025-01-21, it carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) and maps to CWE-20 (Improper Input Validation) and CWE-918 (Server-Side Request Forgery).

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction. Exploitation enables high confidentiality impact across a changed scope, allowing remote adversaries to potentially trick the device into making unauthorized requests to internal or external resources.

Mitigation details are available in the Lexmark security advisory at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html.

Details

CWE(s)
CWE-20, CWE-918

References