A serious security vulnerability has been discovered in several Canon printer drivers, and it\u2019s important for all organizations and users to be aware\u2014especially those using Canon office or production printers.<\/p>\n
Microsoft\u2019s Offensive Research and Security Engineering (MORSE) team recently alerted Canon about a critical security flaw, now tracked as CVE-2025-1268, with a severity score of 9.4 out of 10 on the CVSS scale.<\/p>\n
This vulnerability affects the Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS printer drivers, particularly versions 3.12 and earlier. These drivers are used in various Canon:<\/p>\n
According to Canon\u2019s advisory, this out-of-bounds vulnerability can be exploited during the print process, potentially:<\/p>\n
This kind of exploit can be launched using a technique known as BYOVD (Bring Your Own Vulnerable Driver)\u2014a method attackers use to sneak past security by leveraging trusted but flawed drivers.<\/p>\n
Canon strongly urges users to:\n<\/p>\n
\u2705 Check the official Canon support website for updated drivers<\/p>\n
\n\u2705 Install patched versions as soon as they\u2019re available\n<\/p>\n
\u2705 Avoid using outdated driver versions (v3.12 and below)\n<\/p>\n
\u2705 Work with your IT team to verify the status of Canon drivers in your environment<\/p>\n
Printer drivers are often overlooked in cybersecurity strategies, but they run with high system privileges, making them attractive targets for attackers. Vulnerabilities like this can compromise more than just printing\u2014they can become a doorway into your network.<\/p>\n
By staying informed and applying patches promptly, your organization can significantly reduce the risk of exploitation.<\/p>\n","protected":false},"excerpt":{"rendered":"
A serious security vulnerability has been discovered in several Canon printer drivers, and it\u2019s important for all organizations and users to be aware\u2014especially those using Canon office or production printers. […]<\/p>\n","protected":false},"author":1,"featured_media":485,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/comments?post=486"}],"version-history":[{"count":0,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/posts\/486\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media\/485"}],"wp:attachment":[{"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/media?parent=486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/categories?post=486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qld.cybersafebusiness.au\/index.php\/wp-json\/wp\/v2\/tags?post=486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}