
Lexmark has issued a security advisory addressing a critical vulnerability in its Lexmark Print Management Client (LPMC). The vulnerability, tracked as CVE-2025-1126 and assigned a CVSSv3 base score of 9.3, could allow attackers to execute arbitrary code and delete sensitive files on affected systems.
The vulnerability stems from a reliance on untrusted inputs in a security decision within the LPMC. This flaw could be exploited by an attacker to gain unauthorized access to sensitive information and system resources. Specifically, an attacker could potentially launch arbitrary processes with elevated privileges and delete critical files and folders on the workstation.
“A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client,” the advisory states. The vulnerability affects LPMC versions 3.0.0 through 3.4.0 across Windows, Mac, and Linux operating systems.
Lexmark has released LPMC version 3.5.0 to address the CVE-2025-1126 vulnerability. Users are strongly advised to upgrade to the latest version as soon as possible to mitigate the risk of exploitation. The update can be downloaded through the Lexmark Cloud web portal.
“Lexmark strongly recommends that all customers currently using LPMC 3.0 through 3.4.0 update immediately to address this issue,” the advisory emphasizes. The company is not currently aware of any malicious use of this vulnerability.
Lexmark encourages users to contact their account team or the Technical Support Center if they have any questions or require assistance with the update process.
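To find which workstations still need the update, the version range in the advisory can be applied to a software inventory export. The following is an added example, not code from Lexmark or the advisory; the CSV layout, column names and hostnames are constructed, and it assumes any build at or above 3.0.0 and below 3.5.0 needs the update because the fix ships in 3.5.0.

```python
import csv
import io
import re

FIRST_AFFECTED = (3, 0, 0)  # advisory: affected range starts at 3.0.0
FIXED_IN = (3, 5, 0)        # advisory: fixed in LPMC 3.5.0

# Constructed sample inventory export; column names are assumptions.
SAMPLE_INVENTORY = """hostname,os,lpmc_version
ws-001,Windows,3.4.0
ws-002,macOS,3.5.0
ws-003,Linux,3.0
ws-004,Windows,v3.2.1.417
ws-005,Windows,2.9.3
ws-006,Linux,unknown
ws-007,macOS,3.10.0
"""

_VERSION_RE = re.compile(r"[vV]?(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-+]\S+)?")

def parse_version(text):
    """Return (major, minor, patch) or None if the string is not a version.
    '3.0' is padded to (3, 0, 0); a fourth build component or suffix is ignored."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Map a reported version string to a triage status."""
    v = parse_version(text)
    if v is None:
        return "unparseable"   # needs manual follow-up, do not assume safe
    if v >= FIXED_IN:          # numeric compare, so 3.10.0 sorts after 3.5.0
        return "fixed"
    if v >= FIRST_AFFECTED:
        return "affected"
    return "not-listed"        # older than the range the advisory names

def triage(csv_text):
    """Group hostnames from the inventory CSV by triage status."""
    buckets = {"affected": [], "fixed": [], "not-listed": [], "unparseable": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        buckets[classify(row.get("lpmc_version") or "")].append(row["hostname"])
    return buckets

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts in the "unparseable" bucket should be checked by hand rather than counted as patched.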