Microsoft Warns of Critical Vulnerability in Canon Printer Drivers Allowing Code Execution

130/68 Thursday, April 3, 2025

Microsoft’s MORSE (Microsoft Offensive Research and Security Engineering) team has discovered a critical vulnerability, tracked as CVE-2025-1268 (CVSS 9.4), affecting Canon printer drivers. The vulnerability is classified as an out-of-bounds issue in the EMF recode process of the Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS drivers. It impacts various printer driver models, including those for production printers, office/small office multifunction printers, and laser printers.

The flaw could allow an attacker to disrupt printing operations or execute malicious code using a specially crafted application designed to exploit the driver. Canon has issued a security advisory, stating that it will release updated drivers to address the issue and urges all users to install the latest driver versions as soon as they become available on Canon’s official website.

In addition, Canon noted that other vulnerabilities may lead to Remote Code Execution (RCE) or Denial-of-Service (DoS) attacks. The company warned that devices connected directly to the internet without protection from a router or Wi-Fi router are particularly at risk, as attackers could remotely execute code or cause the printers to crash. Users are advised to properly secure their network configurations and apply firmware and driver updates promptly to mitigate potential threats.

Source: https://securityaffairs.com/176104/security/microsoft-warns-of-critical-flaw-in-canon-printer-drivers.html