CPE2025-052 - Vulnerability Mitigation/Remediation for Therefore Online and On-Premises
October 20, 2025
Canon Inc.
Description:
Therefore™ has recently become aware that the Therefore™ Online and On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore™ Server. If the malicious user gains this impersonation user access, then it is possible for them to access all the documents stored in Therefore™. This impersonation would have affected the Therefore level only, not the operating system level.
Affected Versions:
All Therefore™ On-Premises versions.
For Therefore™ 2025, 2024, and 2023, a hotfix is available to install.
Therefore™ 2022 and earlier versions are no longer under support and thus ineligible for a hotfix. An alternative method to secure such systems is described in the Therefore knowledge base article.
Note: All Therefore™ Online systems have already been patched. No further action is required from users or administrators.
Remediation/Mitigation:
We strongly recommend patching all Therefore™ On-Premises systems, regardless of version.
Therefore™ Community members with Extranet access: Read the knowledge base article and follow the instructions.
Customers: Please contact your local Canon office or authorized reseller partner for more information.
CVE/CVSS:
CVE-2025-11843: Therefore™ Online and On-Premises contains an account impersonation issue which could potentially allow the attacker to access all the stored data. CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Base Score: 8.8
Thanks for signing up!
The application has encountered an unknown error. Please try again in a few minutes!
By clicking Sign Up, you are opting to receive promotional, educational, e-commerce and product registration emails from Canon USA. You can update your preferences or unsubscribe at anytime.