A major security flaw, CVE-2025-26506, has been identified in HP LaserJet Pro, Enterprise, and Managed printers, with a critical CVSS score of 9.2. This vulnerability allows hackers to execute remote code and escalate privileges using malicious PostScript print jobs—no user interaction required.

If your organization relies on HP LaserJet printers, you need to update your firmware immediately. Failing to patch this flaw could leave your network exposed to attacks that can compromise sensitive data, disrupt operations, and even provide a backdoor into your broader IT environment.

Understanding the Threat

What Makes This Vulnerability So Dangerous?

CVE-2025-26506 is a stack-based buffer overflow vulnerability. In simple terms, it means an attacker can send a specially crafted print job to a vulnerable printer and gain complete control of the device.

Since no login credentials or user interaction are needed, this flaw makes every unpatched printer a potential entry point for attackers. Once inside, hackers could:
✔ Run malicious code on the printer
✔ Steal or alter print jobs
✔ Use the compromised printer to attack other networked devices
✔ Disrupt printing services, causing downtime

Why PostScript?

PostScript is a standard language for printing documents, but HP’s handling of PostScript files contains a security flaw. This means attackers can exploit the way LaserJet printers process print jobs, turning an everyday function into a major security risk.

Who is Affected?

HP has confirmed that multiple LaserJet Pro, Enterprise, and Managed models are impacted. Some of the affected devices include:

For a full list of impacted devices, visit HP’s security advisory.

How Serious is This?

The CVSSv4 score of 9.2 means this vulnerability is highly critical. Breaking down the risk factors:

• Remote Exploitable (AV:N) → Hackers don’t need physical access; they can attack over the network.
• No Credentials Required (PR:N) → Any attacker can exploit it, even without an account.
• No User Interaction (UI:N) → The attack happens automatically when a print job is received.
• High Impact on Confidentiality, Integrity, and Availability (VC:H, VI:H, VA:H) → Data theft, system compromise, and business disruption are all real risks.

Even though the attack complexity is rated as high, that just means it’s tricky to develop an exploit—once a working attack is out there, hackers can automate it and target any vulnerable printer with ease.

What You Need to Do Right Now

1️⃣ Update Your Printer Firmware

• Download the latest firmware from HP’s Software & Driver page
• Ensure all LaserJet Pro, Enterprise, and Managed printers are patched.
• HP recommends firmware version 6.17.5.34-202412122146 or later.

2️⃣ Restrict Network Access

• Block public access to printer services.
• Use firewalls and access controls to limit who can send print jobs.
• If a printer doesn’t need to be network-accessible, remove it from external connections.

3️⃣ Disable Unused Printing Features

• If PostScript printing isn’t necessary, consider disabling it.

4️⃣ Segment Printers from Critical Systems

• Keep printers on a separate VLAN so a compromised device can’t be used to attack the rest of your network.

5️⃣ Monitor for Suspicious Print Jobs

• Enable logging and SIEM alerts to detect abnormal printing activity.

Is This Being Exploited Yet?

So far, there’s no confirmed active exploitation of CVE-2025-26506. However, security researchers estimate that an exploit for this flaw could sell for $5,000–$25,000 on underground forums.

It’s only a matter of time before attackers figure out how to use this in real-world attacks. Organizations that don’t patch in time could be the first to suffer when an exploit becomes available.

Final Thoughts

HP LaserJet printers are found in businesses, schools, and government offices worldwide. A flaw that allows remote code execution with no authentication is a big deal, and the fact that attackers only need to send a malicious print job makes this an easy target for cybercriminals.

If you’re an IT or security professional, don’t wait—patch now and lock down access before this turns into an active attack vector.

For official guidance, refer to HP’s security advisory and firmware updates.