Friday, May 2, 2025
HomeCVE/vulnerabilityCanon Printer Vulnerability Allows Attackers to Execute Arbitrary Code

Canon Printer Vulnerability Allows Attackers to Execute Arbitrary Code

Published on

SIEM as a Service

Follow Us on Google News

A security vulnerability, tracked as CVE-2025-1268, has been found in certain Canon printer drivers, potentially allowing attackers to execute arbitrary code.

The flaw, categorized as an out-of-bounds vulnerability, affects printer drivers for office multifunction printers, small office printers, production printers, and laser printers.

Canon has acknowledged the issue and urged users to update their printer driver software promptly.

- Advertisement - Google News

Details of the Vulnerability

The vulnerability lies in the EMF Recode processing of affected printer drivers, which mishandles certain operations and enables attackers to exploit the system by executing arbitrary code.

This type of attack can occur when the print job is processed by a malicious application. If exploited, the vulnerability may lead to compromising the confidentiality, integrity, and availability of the affected system.

The Common Vulnerability Scoring System (CVSS) v3.1 has rated this flaw with a Base Score of 9.4, indicating a severe risk level. The breakdown of the CVSS rating is as follows:

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): Low

This score highlights the ease with which the vulnerability can be exploited and the significant impact it could have on systems using the affected printer drivers.

Affected Printer Drivers

The vulnerability impacts the following Canon printer driver versions:

  • Generic Plus PCL6 Printer Driver – V3.12 and earlier
  • Generic Plus UFR II Printer Driver – V3.12 and earlier
  • Generic Plus LIPS4 Printer Driver – V3.12 and earlier
  • Generic Plus LIPSLX Printer Driver – V3.12 and earlier
  • Generic Plus PS Printer Driver – V3.12 and earlier

These drivers are commonly installed on devices ranging from small office printers to production printing systems, meaning the scope of the issue could affect businesses globally.

Remediation and Mitigation

Canon has announced that updated printer drivers addressing this vulnerability will be made available through the websites of their local sales representatives.

Users are strongly advised to check for updates and install the latest driver versions to safeguard their systems against potential exploitation.

The company expressed gratitude to the Microsoft Offensive Research and Security Engineering (MORSE) Team for identifying and reporting the vulnerability.

Their collaboration enabled Canon to respond swiftly to mitigate risks for its customers.

  • Upgrade Immediately: Ensure you download and install the updated printer drivers from official sources.
  • Monitor Systems: Keep an eye on systems connected to affected printers for unusual activity.
  • Secure Networks: Prevent unauthorized access to printers by employing firewalls and network security measures.

As vulnerabilities like CVE-2025-1268 highlight the risks of outdated software, this incident underscores the importance of proactive security practices in protecting modern IT environments.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...