Cyber Resilience

CVE-2025-26508

High

Published: 14 February 2025

Modified: 15 January 2026
CVSS Score v4: 8.3
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0206 (84.3th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-26508 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in HP FutureSmart 5. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers are affected by CVE-2025-26508, a vulnerability that can lead to remote code execution and elevation of privilege during PostScript print job processing. The issue is tracked under CWE-787 and carries a CVSS 4.0 score of 8.3 with a network attack vector.

An unauthenticated attacker with network access can submit a crafted PostScript job to trigger the flaw, enabling arbitrary code execution on the printer and subsequent privilege escalation without user interaction.

The referenced HP advisory at https://support.hp.com/us-en/document/ish_11953771-11953793-16/hpsbpi04007 provides mitigation guidance and patch information for the affected models. EPSS for the CVE rose from lower values to a peak of 0.0609 on 2026-03-26 before receding to the current 0.0206, indicating a period of increased exploitation interest after disclosure.

Vulnerability details

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

CWE(s)

CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes unauthenticated remote code execution via a crafted PostScript print job sent to a network-exposed printer service, directly enabling exploitation of a public-facing application for initial access and arbitrary code execution on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-26507 · Same product: Hp 115P9Aw
CVE-2025-26506 · Same product: Hp 499M6A
CVE-2025-25742 · Shared CWE-787
CVE-2026-21897 · Shared CWE-787
CVE-2024-57704 · Shared CWE-787
CVE-2024-57579 · Shared CWE-787
CVE-2024-57581 · Shared CWE-787
CVE-2026-0114 · Shared CWE-787
CVE-2024-11345 · Shared CWE-787
CVE-2026-41678 · Shared CWE-787

Affected Assets

hp futuresmart 3: ≤ 2309118_002276 · ≤ 2309118_002274 · ≤ 2309118_002275
hp futuresmart 4: ≤ 2411278_068111 · ≤ 2411278_068112 · ≤ 2411278_068114
hp futuresmart 5: ≤ 2508402_000090 · ≤ 2508125_000009 · ≤ 2508402_000058
hp 499m7a firmware: ≤ 6.17.5.34-202412122146
hp 499m8a firmware: ≤ 6.17.5.34-202412122146
hp 499m9a firmware: ≤ 6.17.5.34-202412122146
hp 499n0a firmware: ≤ 6.17.5.34-202412122146
hp 499n1a firmware: ≤ 6.17.5.34-202412122146
hp 499n4a firmware: ≤ 6.17.5.34-202412122146
hp 499n5a firmware: ≤ 6.17.5.34-202412122146
+88 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the out-of-bounds write vulnerability by requiring timely application of vendor patches to affected HP printer firmware.

prevent

Prevents unauthenticated remote exploitation by enforcing boundary protections such as firewalls to block access to printer ports used for PostScript print jobs.

prevent

Addresses malformed PostScript inputs by requiring validation and error handling at printer input interfaces to block specially crafted print jobs.
