Canon has issued a security advisory for its small office and laser printer lineups, warning of seven critical vulnerabilities that could allow remote attackers to take complete control of devices. The flaws, all carrying a critical CVSS score of 9.8, affect a wide range of popular imageCLASS, i-SENSYS, and Satera models sold across the US, Europe, and Japan.
The vulnerabilities are particularly dangerous because they require no authentication to exploit. If a printer is exposed to the internet, it is fair game.
The core of the threat lies in how these printers handle network traffic when unprotected by a firewall. According to the advisory, the risk is acute “if a product is connected directly to the Internet without using a router (wired or Wi-Fi)”.
In this scenario, “an unauthenticated remote attacker could trigger a buffer overflow or invalid free, potentially leading to arbitrary code execution and/or a Denial-of-Service (DoS) attack”. This means a hacker could theoretically hijack the printer to steal documents, use it as a foothold into the wider network, or simply crash it permanently.
The advisory details a barrage of buffer overflow and memory corruption issues, each assigned the near-maximum severity score of 9.8.
- CVE-2025-14231: Buffer overflow in “print job processing by WSD”.
- CVE-2025-14232: Buffer overflow in “XML processing of XPS file”.
- CVE-2025-14233: Invalid free in “CPCA file deletion processing”.
- CVE-2025-14234: Buffer overflow in “CPCA list processing”.
- CVE-2025-14235: Buffer overflow in “XPS font fpgm data processing”.
- CVE-2025-14236: Buffer overflow in “Address Book attribute tag processing”.
- CVE-2025-14237: Buffer overflow in “XPS font parse processing”.
The vulnerabilities impact devices running firmware v06.02 and earlier. The affected series vary by region:
- US: Color imageCLASS LBP630C/MF650C, imageCLASS LBP230, X LBP1238 II, and others.
- Europe: i-SENSYS LBP630C/MF650C, imageRUNNER 1643i II, and others.
- Japan: Satera LBP670C and MF750C Series.
“We advise that our customers install the latest firmware available,” the company stated, noting that fixes will be uploaded to local sales representative websites.
In the meantime, physical isolation is the best defense. Canon advises customers to “set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access”.
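To turn the two checks above (firmware v06.02 or earlier, and whether the device sits on a private address) into a triage list, the following added example audits a printer inventory; it is not code from Canon or from this article. The CSV columns, hostnames and addresses are constructed, and it assumes firmware strings use the "vNN.NN" form and that "private IP address" means RFC 1918 space.

```python
import csv
import io
import ipaddress
import re

# Highest affected firmware per the advisory text: "v06.02 and earlier".
LAST_AFFECTED = (6, 2)
# "Private IP address" is interpreted here as RFC 1918 space (assumption).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory; hosts, models and addresses are illustrative.
SAMPLE_INVENTORY = """host,model,ip,firmware
prn-lobby,imageCLASS LBP230,192.168.10.21,v06.02
prn-branch,i-SENSYS MF650C,203.0.113.45,v05.10
prn-hr,Satera MF750C,10.4.2.9,v06.03
prn-lab,imageCLASS LBP630C,198.51.100.7,unknown
"""

def parse_firmware(text):
    """Return (major, minor) from strings like 'v06.02', or None if unparseable."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\s*", text, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def audit(csv_text):
    """Classify each printer by firmware status and address exposure."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        fw = parse_firmware(row["firmware"])
        # Unknown firmware is treated as affected so it is not silently skipped.
        affected = fw is None or fw <= LAST_AFFECTED
        public = not is_rfc1918(row["ip"])
        if affected and public:
            priority = "urgent"      # unpatched and not on a private address
        elif affected:
            priority = "patch"       # private address, still needs firmware
        elif public:
            priority = "readdress"   # patched, but not on a private address
        else:
            priority = "ok"
        findings.append((row["host"], priority))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

A private address alone does not show that a firewall or router restricts access to the device, so "patch" and "ok" rows still need the network-side check Canon describes.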