Canon has issued a security alert for its laser and small office printers, revealing seven critical vulnerabilities that could let remote attackers fully control the devices. These flaws, which all have a CVSS score of 9.8, impact many imageCLASS, i-SENSYS, and Satera models available in the US, Europe, and Japan.
The main issue is how these printers handle network traffic when unprotected by a firewall. According to the advisory, the risk is acute “if a product is connected directly to the Internet without using a router (wired or Wi-Fi)”.
An unauthenticated remote attacker could exploit a vulnerability to cause a buffer overflow or invalid free, which may allow them to execute arbitrary code or cause a Denial-of-Service (DoS) attack. Essentially, a hacker could take control of the printer to steal documents, gain access to the network, or crash it permanently.
The advisory details a barrage of buffer overflow and memory corruption issues, each assigned the near-maximum severity score of 9.8.
CVE-2025-14231: Buffer overflow in “print job processing by WSD”.
CVE-2025-14232: Buffer overflow in “XML processing of XPS file”.
CVE-2025-14233: Invalid free in “CPCA file deletion processing”.
CVE-2025-14234: Buffer overflow in “CPCA list processing”.
CVE-2025-14235: Buffer overflow in “XPS font fpgm data processing”.
CVE-2025-14236: Buffer overflow in “Address Book attribute tag processing”.
CVE-2025-14237: Buffer overflow in “XPS font parse processing”.
The vulnerabilities affect devices running firmware v06.02 and earlier; the affected models vary by region.
US: Color imageCLASS LBP630C/MF650C, imageCLASS LBP230, X LBP1238 II, and others.
Europe: i-SENSYS LBP630C/MF650C, imageRUNNER 1643i II, and others.
Japan: Satera LBP670C and MF750C Series.
“We advise that our customers install the latest firmware available,” the company stated, noting that fixes will be uploaded to local sales representative websites.
Physical isolation is currently the best defense. Canon recommends that customers set a private IP address for their products and use a firewall or router to limit network access.
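One way to triage a printer inventory against the two conditions described above (firmware v06.02 or earlier, and an address outside the private ranges). This is an added example, not code from Canon or from this article; the CSV layout, host names, addresses and the v06.03 version in the sample are constructed, and firmware strings are assumed to be dotted numbers such as v06.02.

```python
import csv
import io
import ipaddress

LAST_AFFECTED = (6, 2)  # advisory: firmware v06.02 and earlier is affected
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory; the non-private IPs are documentation ranges.
SAMPLE_INVENTORY = """host,model,firmware,ip
prn-lobby,Color imageCLASS MF650C,v06.02,203.0.113.20
prn-hr,i-SENSYS LBP630C,v05.10,10.20.4.17
prn-lab,Satera MF750C,v06.03,192.168.1.50
prn-dock,imageCLASS LBP230,06.01,198.51.100.7
prn-edge,imageRUNNER 1643i II,v06.03,192.0.2.9
"""

def parse_firmware(text):
    """'v06.02' or '06.02' -> (6, 2). Assumes dotted numeric versions."""
    return tuple(int(p) for p in text.strip().lstrip("vV").split("."))

def has_private_address(ip_text):
    """True when the address sits in an RFC 1918 private range."""
    ip = ipaddress.ip_address(ip_text.strip())
    return ip.version == 4 and any(ip in net for net in RFC1918)

def triage(inventory_csv):
    """Return {host: action} for each row of the inventory."""
    actions = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        affected = parse_firmware(row["firmware"]) <= LAST_AFFECTED
        private = has_private_address(row["ip"])
        if affected and not private:
            actions[row["host"]] = "urgent: patch and move behind router/firewall"
        elif affected:
            actions[row["host"]] = "patch"
        elif not private:
            actions[row["host"]] = "restrict network access"
        else:
            actions[row["host"]] = "ok"
    return actions

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {action}")
```

A private address in the inventory only shows how the device is addressed; port forwarding on the router can still expose it, so firewall rules need checking separately.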
InfoSecBulletin Cybersecurity for mankind
