CVE-2025-9785
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-04
Assigner: PaperCut
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| papercut | papercut_ng | 4.0 |
| papercut | print_deploy | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the PaperCut Print Deploy component, which simplifies printer deployment and management. If the system is configured to use a self-signed certificate but the client trust database is not properly configured, it can expose communication between clients and the server to man-in-the-middle attacks. The issue is partly due to incomplete documentation on SSL configuration, which may lead to misconfiguration. Proper use of valid certificates and following updated documentation is strongly recommended to secure installations.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to perform man-in-the-middle attacks on the communication between clients and the PaperCut Print Deploy server. This could lead to interception, modification, or theft of sensitive data transmitted during printer deployment and management processes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your PaperCut Print Deploy installation uses valid certificates rather than self-signed certificates. Follow the updated documentation to correctly configure SSL. If you must use private CAs or self-signed certificates, copy the Certification Authority certificate or the self-signed certificate to the trust store of your operating system and to the Java key store to prevent man-in-the-middle attacks.
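The following is an added example, not taken from PaperCut's documentation, showing why the self-signed certificate has to be present in the client trust store: a verifier accepts the server's certificate only when the store holds that exact certificate, and rejects a different self-signed certificate carrying the same name. It assumes the `openssl` command-line tool is available and models the trust store as a single PEM file; the hostnames and file names are constructed.

```shell
#!/bin/sh
# Added illustration: hostnames, file names and the PEM-file "trust store"
# are constructed for this example and are not PaperCut paths or settings.
WORK=$(mktemp -d)

# make_cert NAME [CN]: create a throwaway self-signed certificate and key.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=${2:-print-deploy.example.internal}" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# check_trust STORE CERT: print "trusted" if CERT validates against the
# certificates in STORE, otherwise "untrusted".
check_trust() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

make_cert genuine                           # the server's real self-signed cert
make_cert lookalike                         # same CN, different key pair
make_cert other other-ca.example.internal   # unrelated cert in a misconfigured store

# Correctly configured client: the store contains the server's certificate.
echo "store has server cert, server presents genuine:   $(check_trust "$WORK/genuine.crt" "$WORK/genuine.crt")"
echo "store has server cert, peer presents lookalike:   $(check_trust "$WORK/genuine.crt" "$WORK/lookalike.crt")"

# Misconfigured client: the store lacks the server's certificate, so the
# genuine and the lookalike certificate fail in exactly the same way.
echo "store lacks server cert, server presents genuine: $(check_trust "$WORK/other.crt" "$WORK/genuine.crt")"
echo "store lacks server cert, peer presents lookalike: $(check_trust "$WORK/other.crt" "$WORK/lookalike.crt")"
```

In the misconfigured case validation gives the client no way to distinguish the real server from another endpoint using the same name, which is the condition the description above warns about.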