Cyber Posture

CVE-2025-1126

Critical

Published: 11 February 2025

Modified: 15 April 2026
CVSS Score: 9.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0004 (12.8th percentile)
Risk Priority: 19 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-1126 is a critical-severity Reliance on Untrusted Inputs in a Security Decision (CWE-807) vulnerability in Lexmark Print Management (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 12.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly mitigates the CVE by identifying, reporting, and correcting the specific reliance-on-untrusted-inputs flaw in the Lexmark Print Management Client through timely patching as per vendor advisories.
- SI-10 (Information Input Validation), prevent: Enforces information input validation at entry points, directly countering the CWE-807 weakness in which untrusted inputs are used in security decisions without validation.
- AC-24 (Access Control Decisions), prevent: Ensures access control decisions, including those in the print management client, are based solely on approved security assessments rather than on untrusted inputs.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The CWE-807 local untrusted-input flaw in the Lexmark client enables privilege escalation through manipulated security decisions (a high-impact local exploit requiring no privileges, with a scope change).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

Deeper analysis

CVE-2025-1126 is a Reliance on Untrusted Inputs in a Security Decision vulnerability, corresponding to CWE-807, that affects the Lexmark Print Management Client. This flaw has a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critical due to its potential for severe impact with relatively low barriers to exploitation. The vulnerability was publicly disclosed on 2025-02-11.

The attack scenario involves an attacker with local access to the affected system. Exploitation demands low complexity, no privileges, and no user interaction. Upon success, the attacker can achieve high confidentiality, integrity, and availability impacts, with a change in scope that extends the impact beyond the vulnerable component.

Lexmark has published security advisories addressing this issue, available at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, which security practitioners should consult for mitigation guidance and patch information.

Details

CWE(s)

CWE-807: Reliance on Untrusted Inputs in a Security Decision

Affected Products

Lexmark Print Management (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

- CVE-2026-25958 (shared CWE-807)
- CVE-2026-41299 (shared CWE-807)
- CVE-2026-32057 (shared CWE-807)
- CVE-2026-20849 (shared CWE-807)
- CVE-2026-21514 (shared CWE-807)
- CVE-2026-29134 (shared CWE-807)
- CVE-2026-41380 (shared CWE-807)
- CVE-2024-13974 (shared CWE-807)
- CVE-2026-21509 (shared CWE-807)
- CVE-2025-13926 (shared CWE-807)