Cyber Posture

CVE-2025-14232

Critical

Published: 16 January 2026

Modified: 26 January 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-14232 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Canon Mf455Dw Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 20.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mitigates the buffer overflow vulnerability by requiring timely installation of Canon firmware updates to remediate the flaw in XML processing of XPS files.

prevent

Prevents exploitation of the buffer overflow by enforcing validation of XML inputs in XPS files to reject malformed data that exceeds buffer limits.

prevent

Mitigates buffer overflow impacts through memory protection mechanisms such as non-executable memory regions to block arbitrary code execution.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 · Exploitation of Remote Services · Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

Buffer overflow in network-exposed XPS/XML processing enables remote unauthenticated exploitation for RCE/DoS on device firmware, directly mapping to exploitation of public-facing applications and remote services.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Deeper analysis [AI]

CVE-2025-14232 is a buffer overflow vulnerability (CWE-787) in the XML processing of XPS files within firmware versions v06.02 and earlier on various Canon Small Office Multifunction Printers and Laser Printers. Affected models include the Satera LBP670C Series and Satera MF750C Series (sold in Japan), Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II (sold in the US), and i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II (sold in Europe). The vulnerability was published on 2026-01-16 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

An unauthenticated attacker on the same network segment can exploit this vulnerability remotely by sending a malicious XPS file to the affected printer. Successful exploitation may cause the device to become unresponsive (denial of service) or allow arbitrary code execution, potentially leading to full compromise of the printer's firmware with high confidentiality, integrity, and availability impacts.

Canon advisories detail remediation measures against this buffer overflow vulnerability. Security practitioners should consult the following resources for patches, firmware updates, or mitigation guidance: https://canon.jp/support/support-info/260115vulnerability-response, https://psirt.canon/advisory-information/cp2026-001/, https://www.canon-europe.com/support/product-security/, and https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers.

Details

CWE(s)

Affected Products

canon · mf455dw firmware · ≤ 06.02
canon · mf453dw firmware · ≤ 06.02
canon · mf452dw firmware · ≤ 06.02
canon · mf451dw firmware · ≤ 06.02
canon · mf654cdw firmware · ≤ 06.02
canon · mf656cdw firmware · ≤ 06.02
canon · mf653cdw firmware · ≤ 06.02
canon · mf652cw firmware · ≤ 06.02
canon · mf1238 ii firmware · ≤ 06.02
canon · mf1643if ii firmware · ≤ 06.02
+6 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2025-14231 · Same product: Canon Lbp1238 Ii
CVE-2025-14235 · Same product: Canon Lbp1238 Ii
CVE-2025-14234 · Same product: Canon Lbp1238 Ii
CVE-2025-14237 · Same product: Canon Lbp1238 Ii
CVE-2025-14236 · Same product: Canon Lbp1238 Ii
CVE-2025-14233 · Same product: Canon Lbp1238 Ii
CVE-2024-12647 · Same product: Canon Lbp1238 Ii
CVE-2024-12648 · Same product: Canon Lbp1238 Ii
CVE-2024-12649 · Same product: Canon Lbp1238 Ii
CVE-2026-5443 · Shared CWE-787
