InfoSecBulletin Cybersecurity for mankind
Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers. This out-of-bounds issue may disrupt printing or allow malicious code execution when processed by a harmful application.
The affected printer drivers include several versions of Canon’s Generic Plus drivers:
AMD discloses 4 new CPU flaws Affecting Many CPUs
GitLab patched XSS and Authorization Bypass Flaws
CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow
Urgently patch now: Zoom Patches 6 Flaws
Whatsapp rival ‘Bitchat’, message without internet
Splunk Addresses Third-Party Package Vulns in SOAR Versions
Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs
CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws
Android malware Anatsa infiltrates Google Play targeting banks worldwide
Generic Plus PCL6 Printer Driver – V3.12 and earlier
Generic Plus UFR II Printer Driver – V3.12 and earlier
Generic Plus LIPS4 Printer Driver – V3.12 and earlier
Generic Plus LIPSLX Printer Driver – V3.12 and earlier
Generic Plus PS Printer Driver – V3.12 and earlier
The flaw is identified by CVE-2025-1268 and affects the EMF Recode processing of Generic Plus printer drivers. It has a critical CVSS score of 9.4.
Canon has thanked the Microsoft Offensive Research and Security Engineering Team (MORSE) for reporting this vulnerability.
Canon is addressing this vulnerability by releasing updated printer drivers. They advise customers to install the latest drivers available on their local Canon sales representatives’ websites to reduce risk.
