Impact
Certain Samsung MultiXpress Multifunction Printers may allow the disclosure of sensitive information, including address book entries and device configuration, when accessed through particular APIs without the necessary authorization. The vulnerability arises from insufficient access control on these interfaces, enabling an attacker to retrieve confidential data.
Affected Systems
The HP Inc. Samsung MultiXpress series is affected, including models SL-K4255RX, SL-K4305LX, SL-K4355LX, SL-X4225RX, SL-X4255LX, SL-X4305LX, SL-K7400LXR, SL-K7500LXR, SL-K7600LXR, SL-X7600LXR, SL-X7500LXR, and SL-X7400LXR.
Risk and Exploitability
The CVSS score of 5.3 indicates medium severity, and an EPSS score of less than 1% suggests a very low likelihood of exploitation in the wild. The vulnerability is not currently listed in CISA’s KEV catalog. While the description does not detail an active exploit, the likely attack vector is an attacker sending crafted requests to the vulnerable APIs over the network, potentially requiring some degree of network proximity or administrative network access. Because the flaw stems from missing authorization checks, the primary risk is to confidentiality rather than integrity or availability.