CVE-2025-1126
Published: 11 February 2025
Description
A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.
Security Summary
CVE-2025-1126 is a Reliance on Untrusted Inputs in a Security Decision vulnerability, corresponding to CWE-807, that affects the Lexmark Print Management Client. This flaw has a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critical due to its potential for severe impact with relatively low barriers to exploitation. The vulnerability was publicly disclosed on 2025-02-11.
The attack vector is local: the attacker needs local access to the affected system. Exploitation is low in complexity and requires no privileges and no user interaction. A successful attack has a high impact on confidentiality, integrity, and availability, and the scope is changed, meaning the impact extends beyond the vulnerable component itself.
Lexmark has published security advisories addressing this issue, available at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, which security practitioners should consult for mitigation guidance and patch information.
Details
- CWE(s)