HP has confirmed critical vulnerabilities in laser printers that allow attackers to execute arbitrary code and escalate privileges by processing PostScript print jobs. The bugs threaten the security of devices on local networks, opening the possibility of remote attacks. The company has already released firmware updates and recommends their urgent installation.
Image source: Mahrous Houses / Unsplash
The list of affected models includes more than 120 series of HP laser printers, including the popular HP LaserJet Pro, HP LaserJet Enterprise and HP LaserJet Managed lines. The full list of vulnerable devices is published in the official HP notification. Due to the scale of the problem, corporate network administrators must check the models of the printers they use against this list and promptly update the firmware to minimize the risk of exploitation of the vulnerabilities.
According to the official notice, three vulnerabilities were discovered:
- CVE-2025-26506 is a critical vulnerability (CVSS 9.2) that could allow attackers to execute arbitrary code on the device.
- CVE-2025-26508 is a high-risk (CVSS 8.3) privilege escalation vulnerability.
- CVE-2025-26507 is a moderate vulnerability (CVSS 6.3).
The high score of CVE-2025-26506 indicates its exceptional danger, as exploitation of this vulnerability can lead to a complete compromise of the system. The exploitation of the identified vulnerabilities is possible in two main ways:
- Through a local network, if the attacker has access to a vulnerable device.
- By sending a malicious print job in PostScript format.
In the second case, malicious code is embedded in the document and executed when the printer processes the job. This gives the attacker the opportunity to seize control of the device, use it in a botnet, steal data, or organize attacks on the organization’s internal network. In this case, physical access to the printer is not required, which makes the threat especially serious for corporate infrastructures.
The vulnerabilities in HP printer firmware were discovered just a week after the company warned of critical vulnerabilities in its generic PostScript and PCL6 drivers. Moreover, Lexmark recently reported similar problems in its PostScript interpreter. Although Lexmark rated its vulnerabilities as high but not critical, the repeated incidents point to deep systemic problems in the way PostScript is implemented and processed in modern printing devices.
The PostScript language is widely used in corporate environments due to its high flexibility and ability to accurately process complex documents. However, its powerful functionality makes it a potential security threat if the mechanisms for interpreting the code are not properly protected. Similar vulnerabilities have been identified in the past, but the scale of the current problem indicates a global threat to corporate networks.