CVE-2025-2146

CRITICAL EPSS 49.7%
Published May 26, 20251y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Critical
Find Similar
Published May 26, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
49.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 74

VendorProductVersionRange
canonsatera_mf656cdw_firmware* ≤05.07
canonsatera_mf656cdw*any
canonsatera_mf654cdw_firmware* ≤05.07
canonsatera_mf654cdw*any
canonsatera_mf551dw_firmware* ≤05.07
canonsatera_mf551dw*any
canonsatera_mf457dw_firmware* ≤05.07
canonsatera_mf457dw*any
canonimageclass_mf656cdw_firmware* ≤05.07
canonimageclass_mf656cdw*any
canonimageclass_mf654cdw_firmware* ≤05.07
canonimageclass_mf654cdw*any
canonimageclass_mf653cdw_firmware* ≤05.07
canonimageclass_mf653cdw*any
canonimageclass_mf652cdw_firmware* ≤05.07
canonimageclass_mf652cdw*any
canonimageclass_lbp633cdw_firmware* ≤05.07
canonimageclass_lbp633cdw*any
canonimageclass_lbp632cdw_firmware* ≤05.07
canonimageclass_lbp632cdw*any
canonimageclass_mf455dw_firmware* ≤05.07
canonimageclass_mf455dw*any
canonimageclass_mf453dw_firmware* ≤05.07
canonimageclass_mf453dw*any
canonimageclass_mf452dw_firmware* ≤05.07
canonimageclass_mf452dw*any
canonimageclass_mf451dw_firmware* ≤05.07
canonimageclass_mf451dw*any
canonimageclass_lbp237dw_firmware* ≤05.07
canonimageclass_lbp237dw*any
canonimageclass_lbp236dw_firmware* ≤05.07
canonimageclass_lbp236dw*any
canonimageclass_x_mf1238_ii_firmware* ≤05.07
canonimageclass_x_mf1238_ii*any
canonimageclass_x_mf1643i_ii_firmware* ≤05.07
canonimageclass_x_mf1643i_ii*any
canonimageclass_x_mf1643if_ii_firmware* ≤05.07
canonimageclass_x_mf1643if_ii*any
canonimageclass_x_lbp1238_ii_firmware* ≤05.07
canonimageclass_x_lbp1238_ii*any
canoni-sensys_mf657cdw_firmware* ≤05.07
canoni-sensys_mf657cdw*any
canoni-sensys_mf655cdw_firmware* ≤05.07
canoni-sensys_mf655cdw*any
canoni-sensys_mf651cdw_firmware* ≤05.07
canoni-sensys_mf651cdw*any
canoni-sensys_lbp633cdw_firmware* ≤05.07
canoni-sensys_lbp633cdw*any
canoni-sensys_lbp631cdw_firmware* ≤05.07
canoni-sensys_lbp631cdw*any
canoni-sensys_mf553dw_firmware* ≤05.07
canoni-sensys_mf553dw*any
canoni-sensys_mf552dw_firmware* ≤05.07
canoni-sensys_mf552dw*any
canoni-sensys_mf455dw_firmware* ≤05.07
canoni-sensys_mf455dw*any
canoni-sensys_mf453dw_firmware* ≤05.07
canoni-sensys_mf453dw*any
canoni-sensys_lbp236dw_firmware* ≤05.07
canoni-sensys_lbp236dw*any
canoni-sensys_lbp233dw_firmware* ≤05.07
canoni-sensys_lbp233dw*any
canonimagerunner_1643if_ii_firmware* ≤05.07
canonimagerunner_1643if_ii*any
canonimagerunner_1643i_ii_firmware* ≤05.07
canonimagerunner_1643i_ii*any
canoni-sensys_x_1238if_ii_firmware* ≤05.07
canoni-sensys_x_1238if_ii*any
canoni-sensys_x_1238i_ii_firmware* ≤05.07
canoni-sensys_x_1238i_ii*any
canoni-sensys_x_1238p_ii_firmware* ≤05.07
canoni-sensys_x_1238p_ii*any
canoni-sensys_x_1238pr_ii_firmware* ≤05.07
canoni-sensys_x_1238pr_ii*any

References 4

  • canon.jp https://canon.jp/support/support-info/250127vulnerability-response
    Vendor Advisory
  • psirt.canon https://psirt.canon/advisory-information/cp2025-001/
    Vendor Advisory
  • canon-europe.com https://www.canon-europe.com/support/product-security/#news
    Vendor Advisory
  • usa.canon.com https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.