Detections
Analytics

HP LaserJet Printers Multiple RCE (HPSBPI04007)

high Nessus Plugin ID 216482

Language:

Synopsis

The remote printer is affected by multiple remote code execution vulnerabilities

Description

According to its model number and firmware revision, the remote HP LaserJet printer is affected by two remote code execution and elevation of privilege vulnerabilities when processing a PostScript print job.

Solution

Upgrade to the HP LaserJet firmware referenced in the advisory.

See Also

http://www.nessus.org/u?0642fc8c

Plugin Details

Severity: High

ID: 216482

File Name: hp_laserjet_hpsbpi04007.nasl

Version: 1.3

Type: remote

Family: Misc.

Published: 2/19/2025

Updated: 2/21/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P

CVSS Score Source: CVE-2025-26508

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:hp:laserjet

Required KB Items: www/hp_laserjet

Exploit Ease: No known exploits are available

Patch Publication Date: 2/14/2025

Vulnerability Publication Date: 2/14/2025

Reference Information

CVE: CVE-2025-26507, CVE-2025-26508

HP: HPSBPI04007

IAVA: 2025-A-0122