CVE-2025-9269 - Vulnerability Details

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Lexmark	Lexmark

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Lexmark	Lexmark

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

History

Fri, 12 Sep 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Lexmark Lexmark lexmark
Vendors & Products		Lexmark Lexmark lexmark

Tue, 09 Sep 2025 23:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Sep 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.
Title		Server-Side Request Forgery (SSRF) vulnerability found in embedded web server
Weaknesses		CWE-918
References		https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Lexmark

Published: 2025-09-09T17:21:36.589Z

Updated: 2025-09-29T15:34:06.094Z

Reserved: 2025-08-20T15:10:24.655Z

Link: CVE-2025-9269

Vulnrichment

Updated: 2025-09-09T17:43:59.239Z

NVD

Status : Awaiting Analysis

Published: 2025-09-09T18:15:36.993

Modified: 2025-09-11T17:14:25.240

Link: CVE-2025-9269

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-09-12T09:11:43Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object