CVE-2025-43023: 
Linux Debian vulnerability analysis and mitigation

A security vulnerability (CVE-2025-43023) has been identified in the HP Linux Imaging and Printing Software (HPLIP) documentation. The vulnerability was disclosed on July 28, 2025, and is related to the use of a weak code signing key, specifically the Digital Signature Algorithm (DSA). The issue affects multiple versions of the HPLIP software across various Linux distributions (NVD, Ubuntu Security).

The vulnerability has been assigned a CVSS 4.0 Base Score of 5.9 (Medium) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N. The weakness has been categorized under CWE-347 (Improper Verification of Cryptographic Signature). The vulnerability specifically relates to the implementation of DSA for code signing purposes (NVD).

The vulnerability affects multiple Linux distributions including Ubuntu 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS. All these versions are currently marked as vulnerable with fixes deferred (Ubuntu Security).

As of August 1, 2025, no official fixes have been released. Ubuntu has marked the fix as deferred across all affected versions, and security teams are still analyzing the full extent of the vulnerability (Ubuntu Security).

Security teams are actively monitoring the situation, with Ubuntu security team member mdeslaur noting that details about the actual issue are limited, despite the advisory indicating version 3.25.2 is vulnerable (Ubuntu Security).