
Canon has issued a security notice regarding a critical vulnerability found in certain printer drivers for its production printers, office/small office multifunction printers, and laser printers. The vulnerability, identified as CVE-2025-1268, is described as an out-of-bounds vulnerability that “may prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious application”.
The affected printer drivers include several versions of Canon’s Generic Plus drivers:
- Generic Plus PCL6 Printer Driver – V3.12 and earlier
- Generic Plus UFR II Printer Driver – V3.12 and earlier
- Generic Plus LIPS4 Printer Driver – V3.12 and earlier
- Generic Plus LIPSLX Printer Driver – V3.12 and earlier
- Generic Plus PS Printer Driver – V3.12 and earlier
The vulnerability lies within the EMF Recode processing of these Generic Plus printer drivers. Its Common Vulnerability Scoring System (CVSS) score is 9.4, indicating critical severity.
Canon has credited the Microsoft Offensive Research and Security Engineering Team (MORSE) for reporting this vulnerability.
Canon is taking steps to address this vulnerability by providing updated printer drivers. According to the notice, “Printer drivers designed to address the issue will be uploaded on websites of your local Canon sales representatives”. Canon strongly advises its customers to “install the latest printer drivers available” to mitigate the risk.
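
To find which machines still need the updated driver, the affected list above can be turned into an inventory check. The following is an added example, not code from Canon or from the notice; the CSV layout (`host,driver,version`), the host names and the sample versions are constructed, and treating any 3.12.x build as "V3.12 and earlier" is an assumption.

```python
import csv
import io
import re

# Driver families and last affected version, taken from the notice above.
FAMILIES = ("PCL6", "UFR II", "LIPS4", "LIPSLX", "PS")
LAST_AFFECTED = (3, 12)
FAMILY_RE = re.compile(
    r"generic plus (" + "|".join(map(re.escape, FAMILIES)) + r")\b", re.IGNORECASE)

def parse_version(text):
    """'V3.12', 'v2.90' or '3.12.0' -> tuple of ints; None if unreadable."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(driver_name, version_text):
    name = " ".join(driver_name.split())      # collapse stray whitespace
    if not FAMILY_RE.search(name):
        return "not-listed"
    version = parse_version(version_text)
    if version is None:
        return "review"                       # listed family, version unreadable
    # Assumption: compare major.minor numerically, so 3.9 < 3.12 and any
    # 3.12.x build still counts as "V3.12 and earlier".
    return "affected" if (version + (0, 0))[:2] <= LAST_AFFECTED else "ok"

def flagged_hosts(inventory_csv):
    """Return (host, status) for rows that need an update or a manual check."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    out = []
    for row in rows:
        status = classify(row["driver"], row["version"])
        if status in ("affected", "review"):
            out.append((row["host"], status))
    return out

# Constructed inventory export; hosts, names and versions are sample values,
# and V3.20 is not a statement about which release carries the fix.
SAMPLE = """host,driver,version
ws-014,Canon Generic Plus UFR II,V3.12
ws-015,Canon Generic Plus PCL6,3.9
ws-016,Canon Generic Plus PS,V3.20
ws-017,Canon Generic Plus LIPSLX,unknown
ws-018,Example Vendor Laser Driver,1.0
ws-019,canon generic  plus lips4,v2.90
"""

if __name__ == "__main__":
    for host, status in flagged_hosts(SAMPLE):
        print(host, status)
```

Rows whose version cannot be parsed are returned as `review` rather than passed, so a listed driver family is never silently treated as patched.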