CVE-2025-14235 is a critical security vulnerability classified under CWE-787 (Out-of-bounds Write) found in Canon Inc.'s Satera LBP670C Series and several related printer models including Color imageCLASS and i-SENSYS series. The vulnerability arises from improper handling of XPS font fpgm data during processing on Small Office Multifunction Printers and Laser Printers. Specifically, a buffer overflow occurs when processing this font data, allowing an attacker positioned on the same network segment to exploit the flaw. Exploitation can lead to arbitrary code execution or cause the printer to become unresponsive (denial of service). The affected firmware versions are 06.02 and earlier. The vulnerability requires no authentication, no user interaction, and can be triggered remotely over the network, making it highly exploitable. The CVSS 4.0 score of 9.3 indicates critical severity with high impact on confidentiality, integrity, and availability. The vulnerability affects devices sold in Japan, the US, and Europe, including popular Canon printer models used in enterprise and office environments. Although no known exploits are currently in the wild, the nature of the vulnerability and ease of exploitation make it a significant risk. Attackers could leverage this flaw to gain control over the printer, potentially using it as a pivot point for further network compromise or to disrupt printing services critical to business operations.

For European organizations, this vulnerability poses a significant risk due to the widespread use of affected Canon printer models such as the i-SENSYS and imageRUNNER series. Exploitation could lead to complete compromise of the printer, allowing attackers to execute arbitrary code, disrupt printing services, or use the device as a foothold within the network. This could result in data leakage, interruption of business-critical printing operations, and potential lateral movement to other internal systems. Given that printers often have network access and may be less monitored than other endpoints, they represent attractive targets for attackers. The vulnerability's ability to be exploited without authentication or user interaction increases the likelihood of successful attacks, especially in environments with flat or poorly segmented networks. Additionally, disruption of printing services can impact operational efficiency in sectors such as finance, healthcare, and government institutions across Europe. The confidentiality of documents processed through these printers could also be at risk if attackers gain control.

1. Immediate firmware update: Canon should be contacted for patches or firmware updates beyond version 06.02; organizations must prioritize applying these updates as soon as they become available. 2. Network segmentation: Isolate printers on dedicated VLANs or network segments to limit exposure to untrusted users and reduce the attack surface. 3. Access control: Restrict network access to printers by implementing firewall rules that limit communication to trusted hosts and management systems only. 4. Disable unnecessary protocols: Turn off any unused network services or protocols on the printers to reduce potential attack vectors. 5. Monitor network traffic: Deploy intrusion detection/prevention systems to detect anomalous traffic targeting printers, especially malformed XPS font data packets. 6. Physical security: Ensure printers are physically secured to prevent unauthorized local access. 7. Incident response readiness: Prepare to isolate affected devices quickly if exploitation is suspected to prevent lateral movement. 8. Vendor communication: Maintain close contact with Canon for updates, advisories, and exploit information. 9. User awareness: Educate staff about risks related to networked printers and encourage reporting of unusual printer behavior.