The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code.

“Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,” Lexmark warns in an advisory (PDF).

The manufacturer lists roughly 125 device models that are impacted by the security defect, including B, C, CS, CX, M, MB, MC, MS, MX, XC, and XM series printers.