Skip to main content

499Q9E Firmware CVE-2025-26508

HIGH
Out-of-bounds Write (CWE-787)
2025-02-14 hp-security-alert@hp.com
RCE Buffer Overflow Memory Corruption HP 499Q9E Firmware 499Q9F Firmware 499R0A Firmware 499R0E Firmware 499R0F Firmware 4Ra80A Firmware 4Ra80E Firmware 4Ra80F Firmware 4Ra81A Firmware 4Ra81E Firmware 4Ra81F Firmware 4Ra81Fr Firmware 4Ra82A Firmware 4Ra82E Firmware 4Ra82F Firmware 4Ra82Fr Firmware 4Ra83A Firmware 4Ra83E Firmware 4Ra83F Firmware 4Ra84A Firmware 4Ra84E Firmware 4Ra84F Firmware 4Ra85A Firmware 4Ra85E Firmware 4Ra85F Firmware 4Ra85V Firmware 4Ra86A Firmware 4Ra86E Firmware 4Ra86F Firmware 4Ra87A Firmware 4Ra87E Firmware 4Ra87F Firmware 4Ra88A Firmware 4Ra88E Firmware 4Ra88F Firmware 4Ra89A Firmware 4Ra89V Firmware 5Hh48A Firmware 5Hh48V Firmware 5Hh51A Firmware 499M6A Firmware 499M7A Firmware 5Hh52A Firmware 5Hh53A Firmware 5Hh59A Firmware 5Hh64A Firmware 5Hh64E Firmware 5Hh64F Firmware 5Hh65A Firmware 5Hh66A Firmware 5Hh67A Firmware 5Hh72A Firmware 5Hh73A Firmware 74P25A Firmware 74P26A Firmware 74P27A Firmware 74P28A Firmware 74T92A Firmware 74T92E Firmware 74T92F Firmware 759V0E Firmware 759V0F Firmware 759V1E Firmware 759V1F Firmware 759V2E Firmware 759V2F Firmware 8D7L0A Firmware 8D7L1A Firmware 8D7L2A Firmware 499M8A Firmware 499M9A Firmware 499N0A Firmware 499N1A Firmware 499N4A Firmware 499N5A Firmware 499N6A Firmware 499Q3A Firmware 499Q3E Firmware 499Q3F Firmware 499Q4E Firmware 499Q4F Firmware 499Q5A Firmware 499Q5E Firmware 499Q5F Firmware 499Q5Fr Firmware 499Q6A Firmware 499Q6E Firmware 499Q6F Firmware 499Q7A Firmware 499Q7E Firmware 499Q7F Firmware 499Q8A Firmware 499Q8E Firmware 499Q8F Firmware 499Q9A Firmware Futuresmart 3 Futuresmart 5 Futuresmart 4
8.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:26 vuln.today
CVE Published
Feb 14, 2025 - 17:15 nvd
HIGH 8.3

DescriptionNVD

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

AnalysisAI

Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job. Affected products include: Hp Futuresmart 3, Hp Futuresmart 4, Hp Futuresmart 5, Hp 499M7A Firmware, Hp 499M8A Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More from same product – last 7 days

CVE-2026-42626
5.9 May 22

HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetD

Share

CVE-2025-26508 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy