CVE-2025-9904: CWE-696: Incorrect Behavior Order in Canon Inc. Generic Plus PCL6 Printer Driver
Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver
AI Analysis
Technical Summary
CVE-2025-9904 is a vulnerability in Canon Inc.'s Generic Plus PCL6 Printer Driver and several related drivers: Generic Plus UFR II, Generic Plus LIPS4, Generic Plus LIPSLX, Generic Plus PS Printer Driver, UFRII LT Printer Driver, CARPS2 Printer Driver, and Generic FAX Driver. It is classified as CWE-696 (Incorrect Behavior Order): during the print processing workflow, operations occur in the wrong order and the driver accesses unallocated memory. The flaw can destabilize or crash the print spooler or printer service, producing a denial of service (DoS).

Affected driver versions are 3.30 and earlier, and the CVE was published on September 29, 2025. The CVSS v3.1 base score is 5.3 (medium): network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and an impact limited to availability (A:L), with no confidentiality or integrity impact. No patches or fixes have been linked yet, and no exploitation in the wild is known.

An unauthenticated remote attacker could therefore trigger the unallocated memory access to crash printing services. This mainly affects business operations that depend on printing, especially environments with centralized print servers or networked printers using these drivers; because so many Canon drivers are affected, the potential impact spans a wide range of Canon printing devices and configurations.
Potential Impact
For European organizations, the primary impact of CVE-2025-9904 is disruption of printing services through the denial of service caused by the unallocated memory access in the affected Canon drivers. The resulting downtime matters most in sectors such as government, finance, healthcare, and manufacturing, where printing remains critical for documentation, compliance, and communication. The vulnerability does not compromise confidentiality or data integrity; it affects availability only, which can delay business processes and reduce productivity. Network-exposed print servers and shared printers are particularly at risk, since the flaw can be exploited remotely without authentication or user interaction, and organizations with large-scale or centralized print management face the widest potential impact. Although no exploits are currently known, the medium severity score and the ease of exploitation suggest that exploits could be developed, so the risk is likely to grow over time. Printing outages could also indirectly affect compliance with regulatory requirements that mandate timely documentation and record-keeping. Because no patches are available yet, organizations must rely on interim mitigations to reduce exposure.
Mitigation Recommendations
1. Monitor Canon’s official channels closely for the release of patched driver versions beyond 3.30 and apply updates promptly once available.
2. Restrict network access to print servers and printers using these drivers by implementing network segmentation and firewall rules to limit exposure to trusted hosts only.
3. Disable unnecessary print services or protocols on endpoints and servers to reduce attack surface.
4. Employ print server monitoring tools to detect abnormal crashes or service interruptions indicative of exploitation attempts.
5. Where possible, replace affected Canon drivers with alternative, unaffected drivers or printer models until patches are available.
6. Educate IT and security teams about this vulnerability to ensure rapid response to any signs of exploitation.
7. Implement strict access controls and logging on print infrastructure to trace any suspicious activity.
8. Consider deploying endpoint protection solutions capable of detecting anomalous behavior related to print spooler crashes or memory access violations.
9. Test print environments in isolated lab settings before deploying updated drivers to avoid operational disruptions.
10. Maintain regular backups of critical print server configurations and logs to facilitate recovery if denial of service occurs.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Canon
- Date Reserved: 2025-09-03T07:03:50.381Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68d9de3249cfd472f57c880e
Added to database: 9/29/2025, 1:17:38 AM
Last enriched: 1/16/2026, 9:30:15 AM
Last updated: 2/7/2026, 12:32:48 PM