CVE-2026-56111
MarlinFirmware · Marlin
Marlin firmware contains an out-of-bounds write vulnerability in the M421 G-code handler, allowing attackers to corrupt memory and cause a denial of service.
Executive summary
A critical out-of-bounds write vulnerability in Marlin firmware allows attackers to corrupt memory and crash systems via maliciously crafted G-code commands.
Vulnerability
The M421 G-code handler fails to validate X and Y grid indices when MESH_BED_LEVELING is enabled. An attacker can send a crafted command to perform an out-of-bounds write, corrupting adjacent firmware memory and causing unpredictable system behavior.
Business impact
With a CVSS score of 9.1, this vulnerability poses a significant risk to industrial and personal 3D printing environments. Successful exploitation results in persistent denial of service or permanent state corruption, potentially requiring a complete firmware reflash and interrupting critical manufacturing or prototyping workflows.
Remediation
Immediate Action: Update to a firmware version containing the fix (commit 1f255d1) or the latest stable release provided by MarlinFirmware.
Proactive Monitoring: Restrict access to printer interfaces (USB and network) to trusted users only and inspect G-code files for suspicious commands before printing.
Compensating Controls: Implement network-level access controls to isolate 3D printing equipment from untrusted network segments to prevent remote G-code injection.
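The index validation the Vulnerability section describes as missing, and the pre-print G-code inspection recommended under Proactive Monitoring, as one added C++ example. This is not Marlin's code and not the fix in commit 1f255d1: the grid size, the Mesh and M421Args types, and the functions parse_m421, in_grid, m421_set_z and find_out_of_range_m421 are all constructed for this example, and only the "M421 I<ix> J<iy> Z<z>" form is modelled. The point it shows is that a grid index must be checked against both its lower and its upper bound before it is used as an array subscript, and that the same check can be run over a G-code file before it reaches the printer.

```cpp
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical grid dimensions for this example; Marlin configures its own
// (GRID_MAX_POINTS_X / GRID_MAX_POINTS_Y) in Configuration.h.
constexpr int GRID_X = 3;
constexpr int GRID_Y = 3;

struct Mesh {
    float z[GRID_X][GRID_Y] = {};
};

// Fields of an "M421 I<ix> J<iy> Z<z>" line (index form only).
struct M421Args {
    bool hasI = false, hasJ = false, hasZ = false;
    long i = 0, j = 0;
    float z = 0.0f;
};

enum class M421Result { Ok, BadParameters, IndexOutOfRange };

// Minimal word parser for M421, constructed for this example (not Marlin's GCodeParser).
// Returns false when the line is not an M421 command at all.
static bool parse_m421(const std::string& line, M421Args& out) {
    std::istringstream in(line);
    std::string word;
    if (!(in >> word) || word != "M421") return false;
    while (in >> word) {
        const char* num = word.c_str() + 1;   // text after the letter
        char* end = nullptr;
        switch (std::toupper(static_cast<unsigned char>(word[0]))) {
            case 'I': out.i = std::strtol(num, &end, 10); out.hasI = (end != num); break;
            case 'J': out.j = std::strtol(num, &end, 10); out.hasJ = (end != num); break;
            case 'Z': out.z = std::strtof(num, &end);     out.hasZ = (end != num); break;
            default: break;   // X/Y/Q and other words are ignored in this simplified model
        }
    }
    return true;
}

// The check the advisory says the vulnerable handler lacked: both bounds of each index.
// A negative index or one >= the grid size would otherwise subscript outside z[][].
static bool in_grid(long ix, long iy) {
    return ix >= 0 && ix < GRID_X && iy >= 0 && iy < GRID_Y;
}

// Hardened write: fails closed unless the indices address a real mesh cell.
static M421Result m421_set_z(Mesh& mesh, const M421Args& a) {
    if (!(a.hasI && a.hasJ && a.hasZ)) return M421Result::BadParameters;
    if (!in_grid(a.i, a.j)) return M421Result::IndexOutOfRange;
    mesh.z[a.i][a.j] = a.z;
    return M421Result::Ok;
}

// Pre-print linter: applies the same bound check to every M421 line in a file and
// returns the 1-based line numbers that the hardened handler would reject.
static std::vector<int> find_out_of_range_m421(const std::string& gcode) {
    std::vector<int> bad;
    std::istringstream in(gcode);
    std::string line;
    int n = 0;
    while (std::getline(in, line)) {
        ++n;
        M421Args a;
        if (!parse_m421(line, a)) continue;
        if (a.hasI && a.hasJ && !in_grid(a.i, a.j)) bad.push_back(n);
    }
    return bad;
}

// Constructed sample file: one in-range edit, one index past the grid, one negative index.
static const char* const SAMPLE_GCODE =
    "G28\n"
    "M421 I1 J2 Z0.05\n"
    "M421 I3 J0 Z-1.0\n"
    "M421 I0 J-1 Z0.0\n"
    "M500\n";

int main() {
    for (int ln : find_out_of_range_m421(SAMPLE_GCODE))
        std::printf("line %d: M421 grid index out of range for %dx%d mesh\n", ln, GRID_X, GRID_Y);
    return 0;
}
```

Running the block on the constructed file reports lines 3 and 4. The handler and the linter share in_grid so that a file which passes inspection cannot contain an M421 the firmware would have to reject; keeping the two checks in one function is what stops them drifting apart.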
Exploitation status
Public Exploit Available: No
Analyst recommendation
Users of Marlin firmware should prioritize updating their systems to the patched version. Given the potential for system instability and bricking, ensuring that firmware is verified and up-to-date is essential for maintaining the operational reliability of 3D printing hardware.