CVE-2025-9214 | THREATINT

Description

A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.

PUBLISHED Reserved 2025-08-19 | Published 2025-09-11 | Updated 2025-09-11 | Assigner lenovo

MEDIUM: 5.3CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.4CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status

unaffected

Any version before Ver.D(1.05)

affected

Default status

unaffected

Any version before Ver.F

affected

Default status

unaffected

Any version before Ver.F

affected

Default status

unaffected

Any version before Ver.F

affected

Default status

unaffected

Any version before Ver.E(1.06)

affected

Default status

unaffected

Any version before Ver.D

affected

Default status

unaffected

Any version before Ver.D

affected

Default status

unaffected

Any version before Ver.D

affected

Default status

unaffected

Any version before Ver.E

affected

Default status

unaffected

Any version before Ver.E

affected

Default status

unaffected

Any version before Ver.E

affected

Default status

unaffected

Any version before Ver.E

affected

Credits

Lenovo thanks CNVD for reporting this issue. finder

References

iknow.lenovo.com.cn/detail/431734

cve.org (CVE-2025-9214)

nvd.nist.gov (CVE-2025-9214)

Download JSON