A critical buffer overflow vulnerability, identified as CVE-2025-14236, exists in the firmware of multiple Canon small office multifunction printers. An attacker on the same network segment could exploit this flaw to cause the device to become unresponsive or, more severely, to execute arbitrary code, potentially leading to a complete compromise of the device and a pivot point into the broader corporate network.

A buffer overflow vulnerability exists in the function responsible for processing Address Book attribute tags. An unauthenticated attacker on the local network can send a specially crafted request to an affected printer. This request can overwrite memory buffers, leading to either a crash and a denial of service (making the printer unresponsive) or the execution of arbitrary code with the privileges of the printer's operating system.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have severe consequences for the business. An attacker gaining arbitrary code execution on a multifunction printer could access sensitive information that is printed, scanned, or stored on the device, including confidential documents and credentials. Furthermore, a compromised printer can be used as a foothold to launch further attacks against other systems on the internal network, bypassing perimeter defenses. A denial-of-service attack could disrupt critical business functions that rely on printing and scanning capabilities.

Immediate Action: Immediately identify all affected multifunction printers and update their firmware to a version later than v06.02, as recommended by the vendor. This is the most effective way to mitigate the vulnerability. After patching, monitor the devices for any unusual behavior and review access logs for signs of attempted exploitation prior to the update.

Proactive Monitoring: Implement enhanced network and device monitoring. Specifically, look for unusual network traffic patterns to and from the affected printers, especially malformed requests related to Address Book functions. Monitor device logs for unexpected crashes, reboots, or error messages that could indicate an exploitation attempt.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Network Segmentation: Isolate printers on a separate network VLAN with strict access control lists (ACLs) to limit communication to only essential systems, such as print servers.
• Firewall Rules: Configure firewalls to restrict access to the printer's management interface and other services from unauthorized segments of the network.
• Disable Unused Services: Harden the printer's configuration by disabling any unnecessary network services or protocols to reduce the attack surface.

Public Exploit Available: False

Due to the critical severity (CVSS 9.8) of this vulnerability and the risk of remote code execution, we strongly recommend that organizations prioritize the immediate patching of all affected Canon multifunction printers. Although there is no evidence of active exploitation at this time, the potential for a compromised network device to be used as an entry point for a larger attack is significant. If patching cannot be performed immediately, implement the suggested compensating controls, particularly network segmentation, to mitigate the risk until the firmware can be updated.