CVE-2025-2268
Published: 14 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-2268 is a denial-of-service vulnerability affecting the HP LaserJet MFP M232-M237 Printer Series. The issue arises when a specially crafted request message is sent via the Internet Printing Protocol (IPP), potentially disrupting printer functionality. Published on 2025-03-14, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-241.
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, authentication, or user interaction. By transmitting a malicious IPP request to an affected printer, an attacker can cause a denial of service, severely impacting availability while leaving confidentiality and integrity unaffected.
HP has issued a security bulletin detailing the vulnerability at https://support.hp.com/us-en/document/ish_12114154-12114176-16/hpsbpi04013, which security practitioners should consult for patch availability and mitigation guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability lets a remote attacker exploit a software flaw in IPP handling to crash or disrupt the printer service. This maps directly to T1499.004 (Application or System Exploitation), in which a software vulnerability is exploited to deny availability.