QwikSec

Security Database

CVE

CWE

Training

CVE-2025-42598

Published: Apr 28, 2025

Modified: Apr 28, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.

Vendor	Product	Versions
SEIKO EPSON CORPORATION	SEIKO EPSON printer drivers for Windows OS	affected `see the information provided by SEIKO EPSON CORPORATION.`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.epson.co.uk/en_GB/faq/KA-01993/contents?loc=en-us

https://www.epson.jp/support/misc_t/250428_oshirase.htm

https://www2.epson.jp/support/misc_t/windrv_productlist.pdf

https://jvn.jp/en/vu/JVNVU90649144/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.