Cyber Resilience

CVE-2025-1127

Critical

Published: 13 February 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.0023 (46.4th percentile)
Risk Priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1127 is a critical-severity Path Traversal (CWE-22) vulnerability affecting Lexmark products (vendor inferred from the advisory references; NVD filed no CPE for this CVE). Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 46.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. applying Lexmark's firmware fix, and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-1127 is a critical vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) published on 2025-02-13 and associated with CWE-22 (Path Traversal) and CWE-362 (Race Condition). It affects Lexmark products, as referenced in the vendor's security advisories. Per the advisory, the flaw can be leveraged to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

Exploitation is network-reachable (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), but it requires high privileges (PR:H): the attacker must already hold administrative-level access to the device before the flaw can be triggered, which is the main limiting factor for an otherwise severe bug. The apparent mismatch between "code execution as an unprivileged user" and the High confidentiality, integrity and availability ratings is explained by the scope change (S:C) and the unrestricted filesystem write: the ability to modify any file on the device reaches well beyond the compromised user context. In practice the PR:H requirement means that an administrative interface reachable from an untrusted network, or protected only by default or weak credentials, is the realistic route to exploitation.

Lexmark's security advisories, available at https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html, provide details on affected firmware levels, mitigations and patches for this vulnerability. Because NVD filed no CPE for this CVE, automated asset matching may miss affected devices; check each device's installed firmware level against the versions listed in the advisory.

Vulnerability details

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.

CWE(s)

CWE-22 Path Traversal
CWE-362 Race Condition

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

A network-accessible path traversal/race condition in a public-facing Lexmark device directly enables remote exploitation (T1190), leading to arbitrary code execution through the device's command interpreter (T1059) plus unrestricted filesystem writes. The PowerShell sub-technique (T1059.001) does not apply here: Lexmark device firmware is not a Windows host, so the parent technique is the accurate mapping for the post-exploitation shell.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-64075 (shared CWE-22)
CVE-2024-53537 (shared CWE-22)
CVE-2024-36512 (shared CWE-22)
CVE-2025-0493 (shared CWE-22)
CVE-2025-70231 (shared CWE-22)
CVE-2026-43888 (shared CWE-22)
CVE-2025-15031 (shared CWE-22)
CVE-2026-25785 (shared CWE-22)
CVE-2025-11366 (shared CWE-22)
CVE-2026-1810 (shared CWE-22)

Affected Assets

Lexmark (vendor inferred from references and description; NVD did not file a CPE for this CVE, so CPE-based inventory matching will not flag affected devices and the advisory's firmware list must be used instead)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent · SI-2 Flaw Remediation
Directly mitigates CVE-2025-1127 by requiring timely application of Lexmark patches to remediate the path traversal and race condition flaws.

prevent · SI-10 Information Input Validation
Prevents exploitation of the CWE-22 path traversal aspect by enforcing validation of inputs used in file path operations.

prevent
Enforces filesystem access controls to limit arbitrary modifications by privileged attackers even if path traversal partially succeeds.
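The SI-10 control above is abstract, so here is an added worked example of what "validation of inputs used in file path operations" means in code, alongside the CWE-22 pattern it replaces. This is illustrative code written for this page, not Lexmark's implementation and not derived from the advisory; the directory layout, file names and the `escape` symlink are constructed for the demonstration. It also covers the CWE-362 angle: a lexical check on its own can be defeated by a symlink swapped in between check and use, so the hardened open walks the path one component at a time with `O_NOFOLLOW` relative to a directory descriptor (POSIX only).

```python
"""Added example: vulnerable vs hardened file-path handling (CWE-22, plus the
CWE-362 symlink race). Not Lexmark code; the file tree below is constructed."""
from __future__ import annotations

import os
import tempfile


def naive_path(base: str, user_path: str) -> str:
    """The CWE-22 pattern: join untrusted input to a base directory and trust
    the result. '../' components climb out of base; normpath even tidies them."""
    return os.path.normpath(os.path.join(base, user_path))


def validate_relative_path(user_path: str) -> list[str]:
    """Input validation (NIST SI-10): accept only a relative path made of plain
    components. Returns the component list, raises ValueError otherwise."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    normalized = user_path.replace("\\", "/")
    if normalized.startswith("/"):
        raise ValueError("absolute path rejected")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("empty path")
    if any(p == ".." for p in parts):
        raise ValueError("parent-directory component rejected")
    return parts


def open_beneath(base_fd: int, user_path: str, flags: int = os.O_RDONLY) -> int:
    """Open user_path strictly beneath base_fd: walk one component at a time
    with O_NOFOLLOW, so a symlink planted between check and use (CWE-362
    TOCTOU) cannot redirect the open outside the base. POSIX only (dir_fd)."""
    parts = validate_relative_path(user_path)
    dir_fd = os.dup(base_fd)
    try:
        for part in parts[:-1]:
            next_fd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                              dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        return os.open(parts[-1], flags | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)


def read_beneath(base_fd: int, user_path: str) -> bytes:
    fd = open_beneath(base_fd, user_path)
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed tree and exercise both code paths. Layout:
         root/secret.txt                  (outside the served directory)
         root/www/docs/a.txt              (legitimate content)
         root/www/escape -> ../secret.txt (attacker-planted symlink)"""
    root = tempfile.mkdtemp()
    www = os.path.join(root, "www")
    os.makedirs(os.path.join(www, "docs"))
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("outside")
    with open(os.path.join(www, "docs", "a.txt"), "w") as f:
        f.write("inside")
    os.symlink(os.path.join("..", "secret.txt"), os.path.join(www, "escape"))

    results = {}
    # Naive join: the traversal lands on the file outside the base directory.
    results["naive_escapes"] = (
        naive_path(www, "../secret.txt") == os.path.join(root, "secret.txt"))

    base_fd = os.open(www, os.O_RDONLY | os.O_DIRECTORY)
    try:
        results["legit"] = read_beneath(base_fd, "docs/a.txt")
        try:
            read_beneath(base_fd, "../secret.txt")
            results["traversal"] = "allowed"
        except ValueError:          # rejected by validate_relative_path
            results["traversal"] = "rejected"
        try:
            read_beneath(base_fd, "escape")
            results["symlink"] = "allowed"
        except OSError:             # ELOOP: O_NOFOLLOW refuses the symlink
            results["symlink"] = "rejected"
    finally:
        os.close(base_fd)
    return results


if __name__ == "__main__":
    print(demo())
```

The naive join is exactly the shape a traversal bug takes; the hardened version rejects `..` lexically and then refuses to follow symlinks at open time, which is what closes the race. On Linux, `openat2(2)` with `RESOLVE_BENEATH` achieves the same in a single system call for native code.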

References

Lexmark Security Advisories: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html