
CVE-2025-2146

Canon Printers - WebService Authentication

Canon | CVSS 9.8 | Updated April 6, 2026

Executive Risk Summary

"A buffer overflow vulnerability in the WebService Authentication processing of Canon Small Office Multifunction Printers and Laser Printers may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. This vulnerability affects various Canon printer models sold in Japan, the US, and Europe with firmware version v05.07 and earlier."

Anticipated Attack Path

  1. Attacker sends a crafted request to the WebService Authentication endpoint
  2. Buffer overflow occurs, potentially allowing arbitrary code execution
  3. Attacker gains control of the affected printer, potentially leading to further exploitation

Am I Vulnerable?

  • Verify the firmware version of each Canon printer against the affected range (v05.07 and earlier)
  • Check for any suspicious network activity targeting the WebService Authentication endpoint
  • Apply the latest firmware update to mitigate the vulnerability
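
One way to run the firmware check above across a printer inventory, as an added example that is not part of the original page or any Canon tooling. The CSV layout, column names, host names and sample versions are constructed, and the code assumes version components compare numerically; whether a given model is in scope still has to be confirmed against Canon's advisory.

```python
import csv
import io
import re

# Threshold from the advisory text: firmware v05.07 and earlier is affected.
LAST_AFFECTED = (5, 7)

# Constructed sample inventory (hypothetical hosts and versions; model names from the page).
SAMPLE_INVENTORY = """host,model,firmware
prn-01,Satera MF656Cdw,v05.07
prn-02,Color imageCLASS MF656Cdw,V05.08
prn-03,i-SENSYS MF657Cdw,05.04
prn-04,i-SENSYS MF657Cdw,
prn-05,Color imageCLASS MF656Cdw,v5.10-beta
prn-06,Satera MF656Cdw,unknown
"""

# Accepts 'v05.07', 'V05.07' or '05.07'; anything else is treated as unreadable.
_VERSION_RE = re.compile(r"^[vV]?(\d+)\.(\d+)$")


def parse_firmware(text):
    """Return (major, minor) for strings like 'v05.07', or None if not parseable."""
    match = _VERSION_RE.match((text or "").strip())
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(firmware):
    """Return 'affected', 'newer' or 'verify manually' for one firmware string."""
    version = parse_firmware(firmware)
    if version is None:
        # Never treat a missing or unreadable version as safe.
        return "verify manually"
    return "affected" if version <= LAST_AFFECTED else "newer"


def audit(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row.get("firmware")) for row in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as "verify manually" need the version read from the device itself before they are counted as updated.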

Operational Audit Arsenal

Target Type: firmware
Target Asset: WebService Authentication
Standard Path: Canon printer models (e.g., Satera MF656Cdw, Color imageCLASS MF656Cdw, i-SENSYS MF657Cdw)

Manual Verification Required

This is a non-Windows asset (Canon). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required: Likely

Potential disruption to printing services during firmware update

Internal Work Notes

CVE-2025-2146: Buffer overflow vulnerability in Canon Printers - WebService Authentication, requiring firmware update to mitigate potential arbitrary code execution

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.