Lenovo Printer CUPS Service Missing Auth Leak
CVE-2025-9214 Published on September 11, 2025

A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.


Products Associated with CVE-2025-9214

Want to know whenever a new CVE is published for Lenovo products? stack.watch will email you.

Lenovo Lj2206w Printer
 
Lenovo M7206w Printer
 
Lenovo M7216nwa Printer
 
Lenovo M7256whf Printer
 
Lenovo Lj2655dn Printer
 
Lenovo M7615dna Printer
 
Lenovo M7626dna Printer
 
Lenovo M7628dna Printer
 
Lenovo M7455dnf Printer
 
Lenovo M7675dxf Printer
 
Lenovo M7685dxf Printer
 
Lenovo M7686dxf Printer
 

Affected Versions

Lenovo LJ2206W Printer: Lenovo M7206W Printer: Lenovo M7216NWA Printer: Lenovo M7256WHF Printer: Lenovo LJ2655DN Printer: Lenovo M7615DNA: Lenovo M7626DNA Printer: Lenovo M7628DNA Printer: Lenovo M7455DNF Printer: Lenovo M7675DXF Printer: Lenovo M7685DXF Printer: Lenovo M7686DXF:

Exploit Probability

EPSS
0.02%
Percentile
4.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.