CVE-2025-4046 HIGH

CVE-2025-4046: Missing Authorization in Lexmark Cloud Services badge management

Vendor Lexmark
Product Lexmark Cloud Services
Weakness CWE-862 · Missing authorization
Published August 19, 2025
Last update February 26, 2026
View on NVD All CVEs

CVSS base score

8.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization

Key dates

02Disclosure timeline

August 19, 2025 CVE published
February 26, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-25087 Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption CVE-2024-37175 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) CVE-2025-67597 WordPress Fluent Booking plugin <= 1.9.11 - Broken Access Control vulnerability CVE-2023-46628 WordPress WP Word Count plugin <= 3.2.4 - Broken Access Control vulnerability