HP warns of security vulnerabilities in laser printers
Security vulnerabilities jeopardise HP printers. These allow cyber criminals to execute malicious code remotely. Patches are available, HP recommends an update as soon as possible.
On 14 February, HP announced serious security vulnerabilities affecting numerous laser printers. The vulnerabilities potentially allow attackers to remotely execute malicious code on the affected devices and thus gain access to your system, including your computer.
Little details, many devices
HP provides little technical information about the vulnerabilities. However, they explain that all three vulnerabilities are related to the processing of Postscript print jobs. Cybercriminals can inject malware into this interface via Postscript.
Affected are models from the HP LaserJet Pro, HP LaserJet Enterprise and HP LaserJet Managed series - i.e. printers used in companies as well as those in private households.
The vulnerabilities are weighted differently according to the Common Vulnerability Scoring System (CVSS):
CVE-2025-26506 is considered particularly critical with a CVSS value of 9.2.
CVE-2025-26508 reaches 8.3 and is therefore also a serious threat.
CVE-2025-26507 has a medium severity level of 6.3.
Which printers are affected
If you own an HP laser printer, you should check whether your model is affected. HP has published a comprehensive list of product numbers. Updated firmware is available for each of these devices to fix the vulnerabilities.
Not all printers are equally affected by each vulnerability:
The most critical vulnerability CVE-2025-26506 only affects certain LaserJet Pro models. Enterprise models, on the other hand, are only vulnerable to CVE-2025-26507 and CVE-2025-26508.
According to HP, the attacks can be carried out without the perpetrators having to authenticate themselves. The user also does not have to become active. It remains unclear whether the vulnerabilities are already being actively exploited. However, the firmware update protects against this.
80 people like this article
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.