Printer vulnerabilities expose security weaknesses in HP, Xerox, and Lexmark devices
February 19, 2025
Printers from three leading manufacturers have been found to harbour serious security flaws, leaving businesses exposed to data theft, remote attacks, and system takeovers, prompting urgent calls for firmware updates and tighter security practices.
HP, Xerox, and Lexmark have all disclosed vulnerabilities in recent weeks, highlighting the growing cybersecurity threat posed by networked printers and multifunction devices—often overlooked by IT teams as potential entry points for hackers.
The security weaknesses vary in nature but underscore a common problem: modern printers are sophisticated networked devices, functioning more like computers than standalone peripherals, and vulnerable to many of the same forms of cyberattack.
HP’s disclosure, published on 14 February, revealed that a range of LaserJet Pro, LaserJet Enterprise, and LaserJet Managed printers were vulnerable to remote code execution and privilege escalation. Attackers exploiting these flaws could take control of devices and potentially infiltrate wider corporate networks. HP advised customers to update firmware immediately to prevent exploitation. This incident follows a March 2022 disclosure by HP of three critical vulnerabilities affecting a wide range of models, including LaserJet Pro, PageWide Pro, OfficeJet, Enterprise, Large Format, and DeskJet series, also posing remote code execution risks.
Xerox followed with its own warning on 18 February, after security researchers at Rapid7 discovered vulnerabilities in the Phaser, VersaLink, and WorkCentre printer lines. These flaws expose administrator credentials through what is known as a pass-back attack, enabling hackers to capture login details and gain unauthorised access. Default passwords left unchanged further heighten the risk. Xerox has released patches and urged customers to apply updates and implement robust password policies. A prior vulnerability from January 2022 (CVE-2022-23968) allowed unauthenticated users to crash devices remotely, underscoring Xerox’s ongoing security challenges.
Lexmark’s bulletin, issued alongside a formal security advisory, detailed a critical vulnerability in its Print Management Client (LPMC) software affecting versions 3.0.0 through 3.4.0. Rated 9.3 on the CVSSv3 severity scale, the flaw allows attackers to execute arbitrary processes with system-level privileges or delete protected folders on Windows, macOS, and Linux. Lexmark has released version 3.5.0 to address the issue, with no reports of the vulnerability being actively exploited. This follows a January 2023 security incident (CVE-2023-23560) involving a Server-Side Request Forgery (SSRF) vulnerability in Lexmark Web Services, which could lead to arbitrary code execution.
The rapid succession of disclosures has drawn attention to printers as a persistent weak link in corporate cybersecurity defences. While endpoint security strategies often prioritise laptops, servers, and mobile devices, printers are frequently left in default configurations, with outdated firmware and minimal monitoring.
Adding to this complexity is the nature of printer management in many organisations. IT networks may be overseen by internal teams or third-party contractors, while printers are often managed separately by a Managed Print Service (MPS) provider. This division of responsibility can create gaps in security coverage, with firmware updates and password policies falling through the cracks. Businesses need to ensure that MPS providers are aligned with internal IT security requirements and that printers are treated as part of the wider network infrastructure.
David Connett, a Partner at Connett & Unland GbR, warned that printers are increasingly targeted as entry points into corporate networks. “Printers are not just printers anymore. They are computers on your network, storing sensitive document images, and they need the same security attention as any other endpoint. Failing to patch vulnerabilities or enforce strong passwords leaves the door wide open for attackers,” he said.
The vulnerabilities disclosed by HP, Xerox, and Lexmark have renewed calls for businesses to treat printers as part of their core cybersecurity strategy. Best practices include timely firmware updates, disabling unused services, enforcing password changes, and integrating printers into regular vulnerability scans.
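The practices listed above, and the pass-back concern raised in the Xerox disclosure, can be turned into a routine fleet check. The script below is an added example, not code from the article or from any of the vendors: it audits a constructed printer inventory for firmware older than the advisory dates named in the article, unchanged default administrator passwords, services that policy says should be off, and scan-to-LDAP/SMB destinations outside an allowlist (the setting a pass-back attack repoints so the device hands its stored credentials to an attacker-controlled host). It also flags Lexmark Print Management Client installs whose version falls in the affected 3.0.0 to 3.4.0 range, comparing versions numerically rather than as strings. The hostnames, service names, allowlisted destinations and inventory records are all invented for illustration; only the advisory dates and the LPMC version range come from the article.

```python
"""Printer-fleet hygiene audit (added example, not from the article or any vendor tool)."""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set

# Version range taken from the Lexmark advisory summarised in the article:
# LPMC 3.0.0 through 3.4.0 affected, 3.5.0 fixed.
LPMC_AFFECTED_MIN = (3, 0, 0)
LPMC_FIXED = (3, 5, 0)

# Hypothetical policy values (assumptions for this example, not from the article).
SERVICES_THAT_SHOULD_BE_OFF = {"telnet", "ftp", "snmp-v1"}
ALLOWED_SCAN_DESTINATIONS = {"ldap.corp.example", "files.corp.example"}
# Advisory publication dates from the article, used as a firmware currency baseline.
FIRMWARE_BASELINE = {"HP": date(2025, 2, 14), "Xerox": date(2025, 2, 18)}


def parse_version(text: str) -> tuple:
    """Turn '3.10.2' into (3, 10, 2) so comparisons are numeric.
    A plain string comparison would wrongly rank '3.10.0' below '3.4.0'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def lpmc_is_affected(version: str) -> bool:
    """True when an LPMC version lies in the affected range [3.0.0, 3.5.0)."""
    return LPMC_AFFECTED_MIN <= parse_version(version) < LPMC_FIXED


@dataclass
class Printer:
    name: str
    vendor: str
    firmware_date: date
    default_admin_password: bool
    services: Set[str] = field(default_factory=set)
    scan_destination: Optional[str] = None  # LDAP/SMB host the device authenticates to


def audit_printer(p: Printer) -> List[str]:
    """Return human-readable findings for one device; empty list means compliant."""
    findings = []
    baseline = FIRMWARE_BASELINE.get(p.vendor)
    if baseline and p.firmware_date < baseline:
        findings.append("firmware predates vendor advisory; update")
    if p.default_admin_password:
        findings.append("default administrator password unchanged")
    for svc in sorted(p.services & SERVICES_THAT_SHOULD_BE_OFF):
        findings.append(f"unused service enabled: {svc}")
    # Configuration drift on the credential-bearing destination is what a
    # pass-back attack relies on, so any host outside the allowlist is flagged.
    if p.scan_destination and p.scan_destination not in ALLOWED_SCAN_DESTINATIONS:
        findings.append(
            f"scan/LDAP destination not on allowlist: {p.scan_destination} (pass-back risk)"
        )
    return findings


def audit_fleet(printers: List[Printer], lpmc_clients: Dict[str, str]) -> Dict[str, List[str]]:
    """Audit printers plus workstations running LPMC; keyed by device name."""
    report = {p.name: audit_printer(p) for p in printers}
    for host, ver in lpmc_clients.items():
        report[host] = (
            [f"LPMC {ver} in affected range; upgrade to 3.5.0"] if lpmc_is_affected(ver) else []
        )
    return report


# Constructed sample inventory (invented devices, dates and hosts).
SAMPLE_PRINTERS = [
    Printer("mfp-lobby", "Xerox", date(2024, 11, 3), True, {"ipp", "telnet"}, "ldap.corp.example"),
    Printer("lj-finance", "HP", date(2025, 2, 20), False, {"ipp"}, "203.0.113.7"),
    Printer("vl-hr", "Xerox", date(2025, 2, 19), False, {"ipp", "https"}, None),
]
# Constructed LPMC versions; "3.10.0" is made up purely to show numeric comparison.
SAMPLE_LPMC = {"ws-01": "3.2.1", "ws-02": "3.10.0", "ws-03": "3.5.0"}

if __name__ == "__main__":
    for device, findings in audit_fleet(SAMPLE_PRINTERS, SAMPLE_LPMC).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{device}: {status}")
```

Running it lists every device with its findings, so the output can be handed to whoever owns the device, whether the internal IT team or the MPS provider. The allowlist check is the piece worth wiring to an alert rather than a periodic report, since a changed scan destination is the earliest visible sign that someone is setting up a pass-back.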
“Firmware updates can seem inconvenient, but the cost of inaction is far greater,” Connett added. “Security patches are vital—unlike updates that merely lock out competitor consumables.”
The disclosures serve as a stark reminder that in an era of connected devices, no endpoint is too small to be a target—or a gateway for cybercriminals.