A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 09 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
Description A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.
Title Server-Side Request Forgery (SSRF) vulnerability found in embedded web server
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Lexmark

Published:

Updated: 2025-09-09T18:36:21.085Z

Reserved: 2025-08-20T15:10:24.655Z

Link: CVE-2025-9269

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-09-09T18:15:36.993

Modified: 2025-09-09T18:15:36.993

Link: CVE-2025-9269

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.