CP2025-004 Vulnerability Mitigation/Remediation for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

May 19, 2025
Canon Inc.

Description:

A passback vulnerability has been identified which may impact some Canon production printers, office/small office multifunction printers and laser printers. This vulnerability could allow a malicious actor, if they are able to obtain administrative privileges on the product, to acquire authentication information such as SMTP/LDAP connections configured within the product.

Affected Products:

  • imageRUNNER ADVANCE Series
  • imageRUNNER Series
  • imagePRESS V Series
  • imagePRESS Series
  • imageCLASS Series
  • i-sensys Series
  • Satera Series

Mitigation/Remediation:

With the security of our customers’ print infrastructure being of critical importance, we advise that the below guidelines are followed:

  • Avoid connecting products directly to public internet networks. Instead, when connecting to the internet, use a private IP address in an environment where the internet can be accessed from a secure private network, built with firewall products, wired routers or Wi-Fi routers.
  • Change the product’s default password to a new password.
  • Set up administrator and general user IDs and passwords.
  • Ensure that passwords and other similar settings for various functions are sufficiently difficult to guess.
  • If the product has single or multi-factor authentication functions, use them to confirm the identity of the end-user who is using the product.
  • Be aware of physical security needs, including those related to the location of the product etc.

Please see here for more information on securing products when connecting to a network.

In addition to the above measures, certain products have enhanced security features – more detail can be found on local Canon websites.

CVE/CVSS:

CVE-2025-3078: A passback vulnerability which relates to production printers and office multifunction printers - CVSS v4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N Base Score: 6.3, CVSS v3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Base Score: 8.7

CVE-2025-3079: A passback vulnerability which relates to office/small office multifunction printers and laser printers - CVSS v4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N Base Score: 6.3, CVSS v3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Base Score: 8.7

GET SUPPORT
Need help with your product? Let us help you find what you need.
Product Support
NEED IT FIRST
Sign up for up-to-the-minute Canon News, Sales and Deals.
LEARN WITH CANON
Discover great new ways to enjoy your products with exclusive articles, training and events.
Learn more