JPCERT/CC has issued a vulnerability note detailing two critical security flaws in SATO Corporation’s widely deployed industrial label printers—CL4/6NX Plus and CL4/6NX-J Plus series. These vulnerabilities, tracked as CVE-2025-22469 and CVE-2025-22470, could allow remote attackers to execute arbitrary commands or gain root access to the devices.
The following SATO label printers are impacted:
- CL4/6NX Plus, firmware versions prior to 1.15.5-r1
- CL4/6NX-J Plus (Japan model), firmware versions prior to 1.15.5-r1
The two flaws are:
- CVE-2025-22469 (CVSS 7.2) — OS Command Injection: Allows remote execution of arbitrary OS commands using a certain non-administrative user account.
- CVE-2025-22470 (CVSS 9.8) — Unrestricted Upload of Dangerous File Type: Enables an attacker to upload and execute arbitrary Lua scripts on the system with root privileges.
Together, these flaws represent a significant threat in environments where these printers are connected to operational networks, such as in logistics, manufacturing, and healthcare.
SATO urges all customers to immediately update the firmware to version 1.15.5-r1 or later to mitigate the vulnerabilities. However, if firmware updates are not feasible due to operational constraints, the company has advised a temporary workaround:
- Enable firewall: Go to the printer’s Settings menu and click Interface > Network > Advanced > Firewall > Enable.
- Disable WebConfig (function for viewing or changing printer settings via web browser): Go to the printer’s Settings menu and click Interface > Network > Advanced > Firewall > Allow Services and Ports > WebConfig > Disable.
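To find which printers in an asset inventory still need the 1.15.5-r1 update or the workaround, the sketch below triages model and firmware strings. It is an added example, not code from SATO or JPCERT/CC. It assumes firmware strings follow the `X.Y.Z-rN` pattern of the fixed version and that "CL4/6NX" expands to the CL4NX and CL6NX model names; the inventory rows are constructed.

```python
import re

FIXED = (1, 15, 5, 1)  # 1.15.5-r1, the fixed firmware named in the advisory
# Assumption: "CL4/6NX Plus" and "CL4/6NX-J Plus" expand to these four model names.
AFFECTED_MODELS = {"CL4NX PLUS", "CL6NX PLUS", "CL4NX-J PLUS", "CL6NX-J PLUS"}
# Assumption: firmware strings look like "1.15.5-r1" (the -rN suffix may be absent).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-r(\d+))?$")


def parse_firmware(text):
    """Return (major, minor, patch, revision), or None if the string is unparseable."""
    match = VERSION_RE.match(text.strip())
    if not match:
        return None
    # A missing -rN is treated as revision 0, so "1.15.5" sorts below "1.15.5-r1".
    return tuple(int(g) if g is not None else 0 for g in match.groups())


def triage(model, firmware):
    """Classify one entry as not-affected-model, vulnerable, patched or review."""
    if " ".join(model.upper().split()) not in AFFECTED_MODELS:
        return "not-affected-model"
    version = parse_firmware(firmware)
    if version is None:
        return "review"  # unknown format: check the device by hand
    # Tuple comparison is numeric per field, so 1.9.x correctly sorts below 1.15.x.
    return "vulnerable" if version < FIXED else "patched"


# Constructed sample inventory: (hostname, model, firmware). All values are made up.
INVENTORY = [
    ("lbl-dock-01", "CL4NX Plus", "1.15.4-r2"),
    ("lbl-dock-02", "CL6NX-J Plus", "1.15.5-r1"),
    ("lbl-lab-01", "cl4nx  plus", "1.9.9-r3"),
    ("lbl-lab-02", "CL6NX Plus", "unknown"),
    ("lbl-old-01", "CL4NX", "1.15.0-r1"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Entries reported as `vulnerable` or `review` are the ones to update or to place behind the firewall and WebConfig workaround.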