CVE-2025-9269 MEDIUM

CVE-2025-9269: Server-Side Request Forgery (SSRF) vulnerability found in embedded web server

Vendor Lexmark
Product CX, XC, CS, MS, MX, XM, et. al.
Weakness CWE-918 · SSRF
Published September 9, 2025
Last update September 29, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

What the vulnerability does

01Description

A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.

Key dates

02Disclosure timeline

September 9, 2025 CVE published
September 29, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare CVE-2026-2711 zhutoutoutousan worldquant-miner URL ssrf_proxy.py server-side request forgery CVE-2020-26258 Server-Side Forgery Request can be activated unmarshalling with XStream CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling CVE-2024-13838 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 6.2 - Authenticated (Admin+) Server-Side Request Forgery via Webhook