CVE-2025-9904 is a medium-severity vulnerability identified in Canon Inc.'s Generic Plus PCL6 Printer Driver and related printer drivers including Generic Plus UFR II, LIPS4, LIPSLX, and PS Printer Drivers, affecting versions 3.30 and earlier. The vulnerability is classified under CWE-696, which pertains to incorrect behavior order, specifically involving unallocated memory access during print processing. This flaw arises when the driver attempts to access memory regions that have not been properly allocated, potentially leading to undefined behavior such as application crashes or denial of service. The vulnerability has a CVSS v3.1 base score of 5.3, indicating a medium level of risk. The vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) reveals that the vulnerability is remotely exploitable over the network without requiring privileges or user interaction, but it only impacts availability, not confidentiality or integrity. No known exploits are currently reported in the wild, and no patches have been published yet. The flaw affects the print processing pipeline, which is critical for handling print jobs, and improper memory handling could cause the print spooler or related services to crash, disrupting printing capabilities and potentially impacting business operations relying on these drivers.

For European organizations, this vulnerability could disrupt printing services, which remain essential in many sectors such as government, healthcare, finance, and manufacturing. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact could cause operational delays or downtime, especially in environments with heavy printing demands or automated print workflows. Organizations relying on Canon printers with the affected drivers may face service interruptions if exploited. Given the network-exploitable nature without authentication or user interaction, attackers could remotely trigger denial of service conditions, potentially as part of broader disruption campaigns or targeted attacks. This could be particularly impactful in critical infrastructure or public sector environments where printing remains integral to document handling and compliance processes. However, the absence of known exploits and the medium severity score suggest the threat is moderate at present but warrants proactive mitigation.

European organizations should immediately inventory their printer infrastructure to identify devices using Canon Generic Plus PCL6 and related drivers at version 3.30 or earlier. Until official patches are released, organizations should consider the following specific mitigations: 1) Restrict network access to print servers and printers using firewall rules and network segmentation to limit exposure to untrusted networks. 2) Disable or limit remote printing protocols where feasible to reduce attack surface. 3) Monitor print server logs and system stability for signs of crashes or unusual behavior that could indicate exploitation attempts. 4) Implement strict access controls on print management interfaces to prevent unauthorized configuration changes. 5) Engage with Canon support channels to obtain updates or workarounds as they become available. 6) Consider temporarily replacing vulnerable drivers with updated or alternative drivers if possible. 7) Educate IT staff on the vulnerability details and response procedures to ensure rapid incident handling. These targeted steps go beyond generic advice by focusing on network exposure reduction, monitoring, and vendor engagement specific to this printer driver vulnerability.