Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Print Deploy by PaperCut
CVE-2026-6645 (GCVE-0-2026-6645)
Vulnerability from nvd – Published: 2026-06-22 03:24 – Updated: 2026-06-23 03:55
VLAI
Title
Insecure Search Path Vulnerability in PaperCut Print Deploy Client for Windows
Summary
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.
Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | Print Deploy |
Affected:
0 , < 1.10.4178
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T03:55:35.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Print Deploy",
"vendor": "PaperCut",
"versions": [
{
"lessThan": "1.10.4178",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alex F. \u003csupport.solutions@jet-services.com\u003e // JET Services"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.\u003c/p\u003e\u003cp\u003eBecause the application does not specify an absolute path to this utility, it relies on the operating system\u0027s default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system\u0027s search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.\u003c/p\u003e"
}
],
"value": "An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.\n\n\n\nBecause the application does not specify an absolute path to this utility, it relies on the operating system\u0027s default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system\u0027s search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T03:24:06.542Z",
"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"shortName": "PaperCut"
},
"references": [
{
"url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-june-2026/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Search Path Vulnerability in PaperCut Print Deploy Client for Windows",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"assignerShortName": "PaperCut",
"cveId": "CVE-2026-6645",
"datePublished": "2026-06-22T03:24:06.542Z",
"dateReserved": "2026-04-20T04:12:52.791Z",
"dateUpdated": "2026-06-23T03:55:35.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9785 (GCVE-0-2025-9785)
Vulnerability from nvd – Published: 2025-09-03 04:14 – Updated: 2026-02-26 17:49
VLAI
Title
Misconfigured certificate validation with self-signed certificates for Print Deploy
Summary
PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks.
It was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | Print Deploy |
Affected:
0 , < 1.9.2917
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T03:55:27.125442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:47.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Print Deploy"
],
"platforms": [
"Windows",
"MacOS"
],
"product": "Print Deploy",
"vendor": "PaperCut",
"versions": [
{
"changes": [
{
"at": "1.9.2917",
"status": "unaffected"
}
],
"lessThan": "1.9.2917",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Kornhuber of DBSystel GmbH (Tim.Kornhuber@deutschebahn.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Oliver Matula of DBSystel GmbH (Oliver.Matula@deutschebahn.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Maximilian Platzner of DBSystel GmbH (Maximilian.Platzner@deutschebahn.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIt was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store\u003c/p\u003e"
}
],
"value": "PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks.\u00a0\n\nIt was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store"
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T05:28:10.895Z",
"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"shortName": "PaperCut"
},
"references": [
{
"url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-september-2025/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Misconfigured certificate validation with self-signed certificates for Print Deploy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"assignerShortName": "PaperCut",
"cveId": "CVE-2025-9785",
"datePublished": "2025-09-03T04:14:07.424Z",
"dateReserved": "2025-09-01T06:47:33.435Z",
"dateUpdated": "2026-02-26T17:49:47.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6645 (GCVE-0-2026-6645)
Vulnerability from cvelistv5 – Published: 2026-06-22 03:24 – Updated: 2026-06-23 03:55
VLAI
Title
Insecure Search Path Vulnerability in PaperCut Print Deploy Client for Windows
Summary
An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.
Because the application does not specify an absolute path to this utility, it relies on the operating system's default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system's search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | Print Deploy |
Affected:
0 , < 1.10.4178
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T03:55:35.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Print Deploy",
"vendor": "PaperCut",
"versions": [
{
"lessThan": "1.10.4178",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alex F. \u003csupport.solutions@jet-services.com\u003e // JET Services"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.\u003c/p\u003e\u003cp\u003eBecause the application does not specify an absolute path to this utility, it relies on the operating system\u0027s default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system\u0027s search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host.\u003c/p\u003e"
}
],
"value": "An insecure process execution vulnerability exists in the pc-printer-updater.exe component of the PaperCut Print Deploy Client for Windows. The application, which typically operates with high-level system privileges, attempts to perform an internal validation check by invoking a secondary system utility using an unqualified file reference.\n\n\n\nBecause the application does not specify an absolute path to this utility, it relies on the operating system\u0027s default search order to locate the executable. Under specific conditions, a local attacker with the ability to modify directories within the system\u0027s search path could plant a malicious binary that mimics the expected utility. This could result in the malicious code being executed with SYSTEM privileges, leading to a full compromise of the affected host."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T03:24:06.542Z",
"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"shortName": "PaperCut"
},
"references": [
{
"url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-june-2026/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Search Path Vulnerability in PaperCut Print Deploy Client for Windows",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"assignerShortName": "PaperCut",
"cveId": "CVE-2026-6645",
"datePublished": "2026-06-22T03:24:06.542Z",
"dateReserved": "2026-04-20T04:12:52.791Z",
"dateUpdated": "2026-06-23T03:55:35.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9785 (GCVE-0-2025-9785)
Vulnerability from cvelistv5 – Published: 2025-09-03 04:14 – Updated: 2026-02-26 17:49
VLAI
Title
Misconfigured certificate validation with self-signed certificates for Print Deploy
Summary
PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks.
It was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PaperCut | Print Deploy |
Affected:
0 , < 1.9.2917
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T03:55:27.125442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:49:47.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Print Deploy"
],
"platforms": [
"Windows",
"MacOS"
],
"product": "Print Deploy",
"vendor": "PaperCut",
"versions": [
{
"changes": [
{
"at": "1.9.2917",
"status": "unaffected"
}
],
"lessThan": "1.9.2917",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim Kornhuber of DBSystel GmbH (Tim.Kornhuber@deutschebahn.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Oliver Matula of DBSystel GmbH (Oliver.Matula@deutschebahn.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Maximilian Platzner of DBSystel GmbH (Maximilian.Platzner@deutschebahn.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIt was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store\u003c/p\u003e"
}
],
"value": "PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks.\u00a0\n\nIt was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store"
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T05:28:10.895Z",
"orgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"shortName": "PaperCut"
},
"references": [
{
"url": "https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-september-2025/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Misconfigured certificate validation with self-signed certificates for Print Deploy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb41dac7-0af8-4f84-9f6d-0272772514f4",
"assignerShortName": "PaperCut",
"cveId": "CVE-2025-9785",
"datePublished": "2025-09-03T04:14:07.424Z",
"dateReserved": "2025-09-01T06:47:33.435Z",
"dateUpdated": "2026-02-26T17:49:47.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}