CVE-2025-2146
Published: May 25, 2025
Modified: May 27, 2025
CVSS v3.1
9.8
Description
Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.
| Vendor | Product | Versions |
|---|---|---|
Canon Inc. | Satera MF656Cdw | affected 05.07 and earlier |
Canon Inc. | Satera MF654Cdw | affected 05.07 and earlier |
Canon Inc. | Satera MF551dw | affected 05.07 and earlier |
Canon Inc. | Satera MF457dw | affected 05.07 and earlier |
Canon Inc. | Color imageCLASS MF656Cdw | affected 05.07 and earlier |
Canon Inc. | Color imageCLASS MF654Cdw | affected 05.07 and earlier |
Canon Inc. | Color imageCLASS MF653Cdw | affected 05.07 and earlier |
Canon Inc. | Color imageCLASS MF652Cdw | affected 05.07 and earlier |
Canon Inc. | Color imageCLASS LBP633Cdw | affected 05.07 and earlier |
Canon Inc. | Color imageCLASS LBP632Cdw | affected 05.07 and earlier |
Canon Inc. | imageCLASS MF455dw | affected 05.07 and earlier |
Canon Inc. | imageCLASS MF453dw | affected 05.07 and earlier |
Canon Inc. | imageCLASS MF452dw | affected 05.07 and earlier |
Canon Inc. | imageCLASS MF451dw | affected 05.07 and earlier |
Canon Inc. | imageCLASS LBP237dw | affected 05.07 and earlier |
Canon Inc. | imageCLASS LBP236dw | affected 05.07 and earlier |
Canon Inc. | imageCLASS X MF1238 II | affected 05.07 and earlier |
Canon Inc. | imageCLASS X MF1643i II | affected 05.07 and earlier |
Canon Inc. | imageCLASS X MF1643iF II | affected 05.07 and earlier |
Canon Inc. | imageCLASS X LBP1238 II | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF657Cdw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF655Cdw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF651Cdw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS LBP633Cdw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS LBP631Cdw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF553dw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF552dw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF455dw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS MF453dw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS LBP236dw | affected 05.07 and earlier |
Canon Inc. | i-SENSYS LBP233dw | affected 05.07 and earlier |
Canon Inc. | imageRUNNER 1643iF II | affected 05.07 and earlier |
Canon Inc. | imageRUNNER 1643i II | affected 05.07 and earlier |
Canon Inc. | i-SENSYS X 1238iF II | affected 05.07 and earlier |
Canon Inc. | i-SENSYS X 1238i II | affected 05.07 and earlier |
Canon Inc. | i-SENSYS X 1238P II | affected 05.07 and earlier |
Canon Inc. | i-SENSYS X 1238Pr II | affected 05.07 and earlier |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now