Initiativen für
Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
WARNING: A CRITICAL VULNERABILITY (CVE-2025-26506, CVSS: 9.2) IN SPECIFIC HP LASERJET PRO, HP LASERJET ENTERPRISE, AND HP LASERJET MANAGED PRINTERS, POTENTIALLY ALLOWING REMOTE CODE EXECUTION AND ELEVATION OF PRIVILEGE, PATCH IMMEDIATELY!
Image
Veröffentlicht : 17/02/2025
Reference:
Advisory #2025-36
Version:
1.0
Affected software:
HP LaserJet Pro, HP LaserJet Enterprise, HP LaserJet Managed Printers
Type:
Remote Code Execution
CVE/CVSS:
CVE-2025-26506: CVSS 9.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Sources
https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007
Risks
Successful exploitation of this vulnerability in certain HP LaserJet printers could lead to remote code execution, privilege escalation, and complete system compromise. CVE-2025-26506 may allow attackers to execute malicious commands, escalating their access and potentially compromising the entire network or connected devices.
This vulnerability has a significant impact on confidentiality, integrity, and availability.
There is currently no evidence of this vulnerability being actively exploited, nor are there any proof-of-concept exploits available at the time of writing.
Description
Certain HP LaserJet printers may have a vulnerability that, when handling PostScript print jobs, could allow attackers to execute malicious code remotely and potentially gain higher privileges on the device.
Possible scenario of the attack:
- The attacker sends a malicious PostScript print job to a vulnerable HP LaserJet printer.
- The printer processes the PostScript code.
- Due to the vulnerability, the malicious code gets executed remotely.
- The attacker may escalate privileges on the printer, gaining unauthorized control.
- The attacker could use the elevated privileges to manipulate or damage printer settings, gain access to sensitive data, or launch further attacks on connected networks.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.