CVE-2025-1268
📋 TL;DR
This CVE describes an out-of-bounds write vulnerability in multiple Canon printer drivers that could allow an attacker to execute arbitrary code with system privileges. It affects users of Canon production printers, office multifunction printers, and laser printers. The vulnerability is triggered when processing EMF (Enhanced Metafile) files through the vulnerable drivers.
💻 Affected Systems
- Generic Plus PCL6 Printer Driver
- Generic Plus UFR II Printer Driver
- Generic Plus LIPS4 Printer Driver
- Generic Plus LIPSLX Printer Driver
- Generic Plus PS Printer Driver
- Generic FAX Printer Driver
- UFRII LT Printer Driver
- CARPS2 Printer Driver
- PDF Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with SYSTEM/root privileges leading to complete system compromise, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or remote code execution if an attacker can deliver a malicious EMF file to a user with vulnerable drivers installed.
If Mitigated
Denial of service or application crash if exploit attempts are blocked by security controls.
🎯 Exploit Status
Requires user interaction to process malicious EMF file. No public exploits available at disclosure time, but CVSS 9.4 suggests high exploitability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Updated drivers released March 2025
Vendor Advisory: https://psirt.canon/advisory-information/cp2025-003/
Restart Required: Yes
Instructions:
1. Visit Canon support website for your printer model. 2. Download and install the latest printer driver version. 3. Restart the system. 4. Verify installation through device manager or driver properties.
🔧 Temporary Workarounds
Restrict EMF file processing
windowsBlock or restrict processing of EMF files through group policy or application control
Remove vulnerable drivers
windowsUninstall affected Canon printer drivers if not essential
Control Panel > Programs > Uninstall affected Canon drivers
🧯 If You Can't Patch
- Implement application whitelisting to block unauthorized printer driver execution
- Use network segmentation to isolate systems with vulnerable drivers from critical assets
🔍 How to Verify
Check if Vulnerable:
Check installed printer drivers in Control Panel > Devices and Printers > Printer Properties > Advanced tab for driver versionCheck Version:
wmic printer get name, drivername, driverversion (Windows) or lpinfo -v (Linux)Verify Fix Applied:
Verify driver version matches or exceeds March 2025 updates from Canon support site📡 Detection & Monitoring
Log Indicators:
- Application crashes in printer spooler service
- Unexpected EMF file processing events
- Driver loading failures
Network Indicators:
- Unusual outbound connections from print spooler
- EMF file downloads to print servers
SIEM Query:
EventID=7031 OR EventID=1000 Source=spoolsv.exe OR ProcessName=spoolsv.exe🔗 References
- https://canon.jp/support/support-info/250328vulnerability-response
- https://psirt.canon/advisory-information/cp2025-003/
- https://www.canon-europe.com/support/product-security/
- https://www.usa.canon.com/about-us/to-our-customers/service-notice-vulnerability-remediation-for-certain-printer-drivers-for-production-printers-office-small-office-multifunction-printers-and-laser-printers
