PT-2025-22861 · Unknown+2 · Small Office Multifunction Printers+5

Published: 2025-05-25 · Updated: 2025-05-31 · CVE-2025-2146

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Canon Small Office Multifunction Printers and Laser Printers versions prior to firmware v05.08
Satera MF656Cdw versions prior to firmware v05.08
Satera MF654Cdw versions prior to firmware v05.08
Satera MF551dw versions prior to firmware v05.08
Satera MF457dw versions prior to firmware v05.08
Color imageCLASS MF656Cdw versions prior to firmware v05.08
Color imageCLASS MF654Cdw versions prior to firmware v05.08
Color imageCLASS MF653Cdw versions prior to firmware v05.08
Color imageCLASS MF652Cdw versions prior to firmware v05.08
Color imageCLASS LBP633Cdw versions prior to firmware v05.08
Color imageCLASS LBP632Cdw versions prior to firmware v05.08
imageCLASS MF455dw versions prior to firmware v05.08
imageCLASS MF453dw versions prior to firmware v05.08
imageCLASS MF452dw versions prior to firmware v05.08
imageCLASS MF451dw versions prior to firmware v05.08
imageCLASS LBP237dw versions prior to firmware v05.08
imageCLASS LBP236dw versions prior to firmware v05.08
imageCLASS X MF1238 II versions prior to firmware v05.08
imageCLASS X MF1643i II versions prior to firmware v05.08
imageCLASS X MF1643iF II versions prior to firmware v05.08
imageCLASS X LBP1238 II versions prior to firmware v05.08
i-SENSYS MF657Cdw versions prior to firmware v05.08
i-SENSYS MF655Cdw versions prior to firmware v05.08
i-SENSYS MF651Cdw versions prior to firmware v05.08
i-SENSYS LBP633Cdw versions prior to firmware v05.08
i-SENSYS LBP631Cdw versions prior to firmware v05.08
i-SENSYS MF553dw versions prior to firmware v05.08
i-SENSYS MF552dw versions prior to firmware v05.08
i-SENSYS MF455dw versions prior to firmware v05.08
i-SENSYS MF453dw versions prior to firmware v05.08
i-SENSYS LBP236dw versions prior to firmware v05.08
i-SENSYS LBP233dw versions prior to firmware v05.08
imageRUNNER 1643iF II versions prior to firmware v05.08
imageRUNNER 1643i II versions prior to firmware v05.08
i-SENSYS X 1238iF II versions prior to firmware v05.08
i-SENSYS X 1238i II versions prior to firmware v05.08
i-SENSYS X 1238P II versions prior to firmware v05.08
i-SENSYS X 1238Pr II versions prior to firmware v05.08

Description

A buffer overflow vulnerability exists in the WebService Authentication processing of Canon Small Office Multifunction Printers and Laser Printers. This vulnerability may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code. The issue affects various models of printers sold globally, including those in Japan, the US, and Europe.

Recommendations

Update the firmware of the affected Canon printers to a version later than v05.07.
As a temporary workaround, consider disabling the WebService Authentication feature until a patch is available.
Restrict access to the network segment where the affected printers are located to minimize the risk of exploitation.
Apply the patch provided by Canon for the affected models as soon as possible.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2025-2146
ZDI-25-309

Affected Products

Color Imageclass
Laser Printers
Satera
Small Office Multifunction Printers
Isensys
Imagerunner