News + Trends

HP warns of security vulnerabilities in laser printers

18.2.2025

Translation: machine translated

Security vulnerabilities jeopardise HP printers. These allow cyber criminals to execute malicious code remotely. Patches are available, HP recommends an update as soon as possible.

On 14 February, HP announced serious security vulnerabilities affecting numerous laser printers. The vulnerabilities potentially allow attackers to remotely execute malicious code on the affected devices and thus gain access to your system, including your computer.

Little details, many devices

HP provides little technical information about the vulnerabilities. However, they explain that all three vulnerabilities are related to the processing of Postscript print jobs. Cybercriminals can infiltrate malware into this interface via Postscript.

Affected are models from the HP LaserJet Pro, HP LaserJet Enterprise and HP LaserJet Managed series - i.e. printers used in companies as well as those used in private households.

The vulnerabilities are weighted differently according to the Common Vulnerability Scoring System (CVSS):

CVE-2025-26506 is considered particularly critical with a CVSS value of 9.2.

CVE-2025-26508 reaches 8.3 and is therefore also a serious threat.

CVE-2025-26507 has a medium severity level of 6.3.

The Common Vulnerability Scoring System indicates how problematic a vulnerability is with a value between 0.0 and 10.0. The criteria Base Score, Temporal Score and Environmental Score are used as measurement metrics. The base score indicates how easily the vulnerability can be exploited and what impact it can have. The temporal score calculates whether the vulnerability has already been exploited or whether there are already patches. The environment score refers to whether a system or a specific environment suffers specifically from a security vulnerability

Which printers are affected

If you own an HP laser printer, you should check whether your model is affected. HP has published a comprehensive list of product numbers. Updated firmware is available for each of these devices to fix the vulnerabilities.

Not all printers are equally affected by each vulnerability:

The most critical vulnerability CVE-2025-26506 only affects certain LaserJet Pro models. Enterprise models, on the other hand, are only vulnerable to CVE-2025-26507 and CVE-2025-26508.

According to HP, the attacks can be carried out without the perpetrators having to authenticate themselves or require user interaction. It remains unclear whether the vulnerabilities are already being actively exploited. However, the firmware update protects against this.

Header image: Shutterstock

74 people like this article

Florian Bodoky

Editor

Florian.Bodoky@digitecgalaxus.ch

I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.

These articles might also interest you

News + Trends
Hype company Humane closes down, HP buys the remains
by Samuel Buchmann
News + Trends
DeepSeek: Chinese AI model makes Wall Street tremble
by Samuel Buchmann
News + Trends
Soon your Zigbee lights could also recognise movement
by Debora Pape