CVE-2025-9904
📋 TL;DR
This CVE describes an unallocated memory access vulnerability in multiple Canon printer drivers that could allow an attacker to execute arbitrary code or cause a denial of service. The vulnerability affects users of Canon production printers, office printers, small office multifunction printers, laser printers, and related drivers. Successful exploitation requires an attacker to trick a user into opening a malicious document or printing to a vulnerable driver.
💻 Affected Systems
- Generic Plus PCL6 Printer Driver
- Generic Plus UFR II Printer Driver
- Generic Plus LIPS4 Printer Driver
- Generic Plus LIPSLX Printer Driver
- Generic Plus PS Printer Driver
- UFRII LT Printer Driver
- CARPS2 Printer Driver
- Generic FAX Driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the user running the print job, potentially leading to full system compromise.
Likely Case
Application crash or denial of service when processing malicious print jobs, disrupting printing functionality.
If Mitigated
Limited impact with proper network segmentation and user privilege restrictions, potentially only causing application instability.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious document or printing). No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Updated driver versions specified in Canon advisories
Vendor Advisory: https://psirt.canon/advisory-information/cp2025-005/
Restart Required: No
Instructions:
1. Visit Canon's security advisory page. 2. Identify your specific printer model and driver. 3. Download and install the updated driver version. 4. Verify installation and test printing functionality.
🔧 Temporary Workarounds
Restrict printing from untrusted sources
allImplement policies to prevent printing of documents from unknown or untrusted sources
Network segmentation for printers
allIsolate printers and print servers on separate network segments to limit attack surface
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized print jobs
- Use network access controls to restrict which systems can communicate with print servers
🔍 How to Verify
Check if Vulnerable:
Check installed printer driver versions against Canon's patched versions list in advisory CP2025-005Check Version:
Windows: Check printer properties in Devices and Printers; Linux/macOS: Check printer configuration or driver installation detailsVerify Fix Applied:
Verify driver version matches or exceeds the patched version specified by Canon for your printer model📡 Detection & Monitoring
Log Indicators:
- Unexpected print job failures
- Printer driver crash events in system logs
- Multiple failed print attempts from single source
Network Indicators:
- Unusual print job traffic patterns
- Print jobs originating from unexpected sources
SIEM Query:
EventID=7031 OR EventID=1000 (Windows) with source containing print spooler or printer driver components🔗 References
- https://canon.jp/support/support-info/250925vulnerability-response
- https://psirt.canon/advisory-information/cp2025-005/
- https://www.canon-europe.com/support/product-security/
- https://www.usa.canon.com/about-us/to-our-customers/cp2025-005-vulnerabilities-remediation-for-certain-printer-drivers-for-production-printers-office-small-office-multifunction-printers-laser-printers
