Cyber Resilience

CVE-2023-50733

Severity: High
Published: 21 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: firmware updates per the Lexmark security advisory (linked under Deeper analysis)
CVSS v3.1 score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
EPSS score: 0.0018 (39.4th percentile)
Risk priority: 17 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-50733 is a high-severity Improper Input Validation (CWE-20) vulnerability in Lexmark products (vendor inferred from references). Its CVSS base score is 8.6 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 39.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2023-50733 is a Server-Side Request Forgery (SSRF) vulnerability affecting the Web Services feature in newer Lexmark devices. Published on 2025-01-21, it carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) and maps to CWE-20 (Improper Input Validation) and CWE-918 (Server-Side Request Forgery).

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction. Successful exploitation has a high confidentiality impact with a changed scope: the device can be tricked into issuing requests on the attacker's behalf to internal or external resources that the device itself can reach.

Mitigation details are available in the Lexmark security advisory at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html.


Vulnerability details

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Web Services feature of newer Lexmark devices.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques? SSRF in public-facing Web Services directly matches exploitation of an Internet-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-27818 (shared: CWE-20, CWE-918)
CVE-2026-26121 (shared: CWE-20, CWE-918)
CVE-2026-42261 (shared: CWE-20, CWE-918)
CVE-2026-6514 (shared: CWE-918)
CVE-2026-44116 (shared: CWE-918)
CVE-2026-21887 (shared: CWE-918)
CVE-2026-4755 (shared: CWE-20)
CVE-2026-31910 (shared: CWE-918)
CVE-2026-48153 (shared: CWE-918)
CVE-2026-3789 (shared: CWE-918)

Affected Assets

Lexmark (vendor inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Flaw remediation (prevent): Directly mitigates the SSRF vulnerability by requiring timely remediation through firmware updates as specified in the Lexmark security advisory.

SI-10 Information Input Validation (prevent): Addresses the core CWE-20 improper input validation by enforcing validation of inputs to the Web Services feature, preventing forged requests.

AC-4 Information Flow Enforcement (prevent): Enforces approved information flow policies to block unauthorized outbound requests to internal or external resources triggered by SSRF exploitation.
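The following Python check is an added illustration of the SI-10 and AC-4 controls above, not Lexmark's code and not taken from the advisory. It models a single outbound-request policy that a server-side feature would run before issuing any HTTP request: scheme and port restrictions, a hostname allowlist, rejection of embedded credentials, and a resolved-address check so that an allowlisted name pointing at a loopback, RFC 1918 or link-local address is still refused. The `EgressPolicy` type, the `resolve` hook and the sample DNS table with its addresses are all constructed for the example.

```python
"""Outbound-request validator modelling SI-10 (input validation) and AC-4
(information flow enforcement) for a device-side Web Services handler.
Added example: the policy type, resolver hook and sample data are constructed
here and are not part of any Lexmark product or advisory."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, Tuple
from urllib.parse import urlsplit

# A resolver maps a hostname to the IP address strings it resolves to.
# Injected so the check is testable offline and so the caller can pin the
# connection to the address that was actually validated.
Resolver = Callable[[str], Iterable[str]]


@dataclass(frozen=True)
class EgressPolicy:
    allowed_hosts: frozenset        # exact hostnames the device may contact
    allowed_ports: frozenset = frozenset({80, 443})
    allowed_schemes: frozenset = frozenset({"http", "https"})


def _is_public(ip) -> bool:
    """True only for globally routable unicast addresses: rejects loopback,
    RFC 1918, link-local (including the 169.254.0.0/16 metadata range),
    multicast and reserved space."""
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url: str, policy: EgressPolicy, resolve: Resolver) -> Tuple[bool, str]:
    """Return (allowed, reason). Every rejection names the failed check so
    the decision can be logged and used as a detection signal."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable url: {exc}"
    scheme = parts.scheme.lower()
    if scheme not in policy.allowed_schemes:
        return False, f"scheme not allowed: {parts.scheme!r}"
    # user@host forms are a classic way to make a URL look allowlisted.
    if parts.username or parts.password:
        return False, "credentials in url"
    host = parts.hostname
    if not host:
        return False, "missing host"
    host = host.rstrip(".").lower()
    try:  # .port raises ValueError on a non-numeric port
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if port not in policy.allowed_ports:
        return False, f"port not allowed: {port}"
    if host not in policy.allowed_hosts:
        return False, f"host not on allowlist: {host!r}"
    # The allowlist alone is not enough: the name must also resolve only to
    # public addresses, otherwise an internal-pointing record bypasses AC-4.
    addrs = list(resolve(host))
    if not addrs:
        return False, f"host did not resolve: {host!r}"
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, f"resolver returned non-ip {addr!r}"
        if not _is_public(ip):
            return False, f"host resolves to non-public address {addr}"
    return True, "ok"


# Constructed sample DNS data for offline use (not real records).
SAMPLE_DNS = {
    "updates.example.com": ["11.22.33.44"],   # constructed public address
    "intranet.example.com": ["10.1.2.3"],     # RFC 1918, must be refused
}


def sample_resolver(host: str) -> Iterable[str]:
    return SAMPLE_DNS.get(host, [])


if __name__ == "__main__":
    policy = EgressPolicy(allowed_hosts=frozenset({"updates.example.com", "intranet.example.com"}))
    for candidate in (
        "https://updates.example.com/firmware",
        "http://updates.example.com@10.0.0.1/",
        "https://intranet.example.com/",
        "http://169.254.169.254/latest/",
    ):
        print(candidate, "->", check_outbound_url(candidate, policy, sample_resolver))
```

Two caveats apply to any real deployment of such a check: it has to be re-run on every redirect hop, not just the initial URL, and the HTTP client must connect to the address that was validated (or re-validate at connect time), otherwise a second DNS lookup between check and use can return a different, internal address. Logging the reason string for each rejection gives SOC teams a concrete indicator that someone is probing the Web Services feature for SSRF.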
