Cyber Posture

CVE-2025-1127

Critical

Published: 13 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0023 (46.1th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

Security Summary

CVE-2025-1127 is a critical vulnerability (CVSS score 9.1, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) published on 2025-02-13, associated with CWE-22 (Path Traversal) and CWE-362 (Race Condition). It affects Lexmark products, as referenced in their security advisories. The flaw allows an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

Exploitation requires high privileges (PR:H) and network access (AV:N), with low attack complexity (AC:L) and no user interaction (UI:N). A privileged attacker can leverage the flaw over the network to execute arbitrary code as an unprivileged user and to modify data on the filesystem. The changed scope (S:C) leads to high confidentiality, integrity, and availability impacts.

Lexmark's security advisories, available at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, provide details on mitigation and patches for this vulnerability.

Details

CWE(s)
CWE-22, CWE-362

References