Back

Critical Vulnerabilities in SUSE HPLIP Affecting Multiple Systems

Severity: High (Score: 72.0)

Sources: Linuxsecurity

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: issues, hplip, code, security, update, suse, critical

Severity indicators: critical, issue

Summary

SUSE has released updates addressing critical vulnerabilities in the HPLIP software, impacting various HP printers. Key issues include CVE-2025-43023, which involves weak code signing leading to potential key spoofing, and CVE-2026-8631, which allows escalation of privileges through an integer overflow. Additionally, CVE-2026-8632 enables arbitrary code execution via command injection. An unauthenticated remote denial-of-service vulnerability in the SLP parser is also present. These vulnerabilities could allow attackers to execute arbitrary code or disrupt services on affected devices. The updates were released on June 2 and June 3, 2026, with critical ratings assigned to the vulnerabilities. Users are urged to apply the patches immediately to mitigate risks. Key Points: • Critical vulnerabilities in HPLIP affect HP printers, with potential for code execution and DoS. • CVE-2025-43023 and CVE-2026-8631 are among the most severe issues identified. • Immediate patching is recommended to secure affected systems.

Detailed Analysis

**Impact** Multiple SUSE Linux systems using the hplip package are affected, including those running Leap 16 and other distributions relying on HPLIP for HP printer and fax device support. The vulnerabilities enable privilege escalation, remote code execution, and denial-of-service attacks, potentially disrupting printing services and allowing attackers to execute arbitrary code with elevated privileges. No specific geographic or sector data is provided, but organizations using SUSE Linux in enterprise or operational environments with HP printing hardware are at risk. **Technical Details** Exploits target CVE-2025-43023 (weak code signing DSA key enabling package spoofing), CVE-2026-8631 (integer overflow in hpcups processing), CVE-2026-8632 (OS command injection), and an unauthenticated remote denial-of-service (ReDoS) in the SLP parser (bsc#1245358). Attack vectors include remote LAN access and USB serial number URI injection. The vulnerabilities allow escalation of privileges, arbitrary code execution, and denial of service, impacting the software supply chain and local processing components. No specific malware or IOCs are mentioned. **Recommended Response** Apply the latest SUSE hplip security updates immediately, specifically SUSE-SU-2026:2222-1, SUSE-SU-2026:2228-1, and SUSE-SU-2026:2229-1. Harden configurations by restricting LAN access to printing services and sanitizing USB device inputs where possible. Monitor network traffic for unusual SLP parser activity and unauthorized package installations. No additional IOCs or detection signatures are provided in the reports.

Source articles (3)

  • SUSE: 2026:2222-1: critical: Security update for hplip — Linuxsecurity · 2026-06-02
    ## This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software ins…
  • SUSE hplip Critical DoS Code Exec Issues Vulner 2026-2229 — Linuxsecurity · 2026-06-04
    ## This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software ins…
  • SUSE hplip Critical Denial of Service Escalation Issues 2026-2228 — Linuxsecurity · 2026-06-04
    ## This update for hplip fixes the following issues Security issues: * CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software ins…

Timeline

  • 2025-07-28 — CVE-2025-43023 published: Weak code signing DSA key vulnerability disclosed, allowing potential key spoofing.
  • 2026-05-20 — CVE-2026-8631 published: Vulnerability allowing escalation of privileges via integer overflow disclosed.
  • 2026-05-20 — CVE-2026-8632 published: Arbitrary code execution vulnerability via command injection disclosed.
  • 2026-06-02 — SUSE releases critical update for HPLIP: Update addresses multiple security vulnerabilities, including CVE-2025-43023 and CVE-2026-8631.
  • 2026-06-03 — Second critical update for HPLIP released: Further updates released to address additional vulnerabilities including denial-of-service issues.

CVEs

  • CVE-2025-43023
  • CVE-2026-8631
  • CVE-2026-8632

Related entities

  • DDoS (Attack Type)
  • Cwe-190 - Integer Overflow Or Wraparound (Cwe)
  • CWE-78 - OS Command Injection (Cwe)
  • T1059 - Command and Scripting Interpreter (Mitre Attack)
  • Linux (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed