CVE-2025-9904 is a vulnerability classified under CWE-696 (Incorrect Behavior Order) found in Canon Inc.'s Generic Plus PCL6 Printer Driver and multiple related printer drivers, including Generic Plus UFR II, LIPS4, LIPSLX, PS, UFRII LT, CARPS2, Generic FAX, and others. The issue arises from an unallocated memory access during the print processing workflow, caused by an incorrect sequence of operations within the driver code. This flaw can lead to a denial of service condition by causing the printer driver or associated print spooler services to crash or become unstable. The vulnerability affects driver versions 3.30 and earlier. According to the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), the vulnerability is remotely exploitable over the network without requiring privileges or user interaction, but it only impacts availability, not confidentiality or integrity. No public exploits or patches are currently available, and the vulnerability was published on September 29, 2025. The root cause is the mishandling of memory allocation order in the driver's print processing logic, which can be triggered by specially crafted print jobs or data sent to the printer. This vulnerability affects a broad range of Canon printer drivers used in various environments, including enterprise print servers and individual workstations.

The primary impact of CVE-2025-9904 is a denial of service (DoS) condition affecting print services relying on the vulnerable Canon printer drivers. Organizations may experience print spooler crashes, loss of printing capability, and potential disruption of business operations dependent on printing. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact can be significant in environments with critical print workflows, such as healthcare, finance, government, and manufacturing sectors. The ease of remote exploitation without authentication or user interaction increases the risk of automated attacks or wormable scenarios if exploit code emerges. The lack of current known exploits reduces immediate risk, but the broad deployment of Canon printers worldwide means many organizations could be affected once exploitation attempts begin. Disruption of print services can also lead to operational delays and increased support costs. Additionally, denial of service on print servers could be leveraged as part of a larger attack chain to distract or degrade organizational defenses.

Until Canon releases official patches, organizations should implement the following mitigations: 1) Restrict network access to print servers and printers using Canon Generic Plus drivers by applying firewall rules and network segmentation to limit exposure to untrusted networks. 2) Disable or restrict remote printing protocols where possible, especially from untrusted sources. 3) Monitor print server logs and network traffic for unusual or malformed print jobs that could trigger the vulnerability. 4) Consider temporarily replacing vulnerable Canon drivers with alternative drivers or printers if feasible. 5) Apply strict access controls to print management interfaces and ensure only authorized personnel can submit print jobs. 6) Keep all related systems fully updated with the latest security patches and monitor Canon's advisories for patch releases. 7) Employ endpoint protection solutions capable of detecting abnormal process crashes or memory access violations related to print services. 8) Educate IT staff about the vulnerability and response procedures to quickly isolate affected systems if exploitation is suspected. These targeted actions go beyond generic advice by focusing on controlling exposure to the vulnerable print processing components and early detection of exploitation attempts.