CVE-2025-14233

Severity: Critical
Published: 16 January 2026
Modified: 26 January 2026
CISA KEV: not listed
CVSS v4.0 score: 9.3 (Critical)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0076 (50.7th percentile)
Risk priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-14233 is a critical-severity Release of Invalid Pointer or Reference (CWE-763) vulnerability in Canon MF455dw firmware and related Canon printer firmware (see Affected Assets). Its CVSS v4.0 base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 49.3% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-14233 is an invalid free vulnerability in the CPCA file deletion processing component affecting Small Office Multifunction Printers and Laser Printers from Canon. The issue impacts firmware version v06.02 and earlier on models including Satera LBP670C Series/Satera MF750C Series sold in Japan; Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II sold in the US; and i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II sold in Europe.

An unauthenticated attacker on the same network segment can exploit this vulnerability remotely with low complexity to cause the affected printer to become unresponsive (denial of service) or to execute arbitrary code. The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects its critical severity: high impact on confidentiality, integrity, and availability, with no privileges or user interaction required.

Canon advisories provide details on remediation measures, including patches for the vulnerability. Security practitioners should consult https://canon.jp/support/support-info/260115vulnerability-response, https://psirt.canon/advisory-information/cp2026-001/, https://www.canon-europe.com/support/product-security/, and https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers for region-specific guidance and firmware updates.

Vulnerability details

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.

*: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in the US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CWE(s)

CWE-763: Release of Invalid Pointer or Reference

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The invalid free is a memory-corruption flaw in a network-exposed CPCA service on the printers; it directly enables unauthenticated remote code execution or denial of service, which maps to exploitation of a public-facing device or service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-14234 (same product: Canon LBP1238 II)
CVE-2025-14237 (same product: Canon LBP1238 II)
CVE-2025-14231 (same product: Canon LBP1238 II)
CVE-2025-14232 (same product: Canon LBP1238 II)
CVE-2024-12649 (same product: Canon LBP1238 II)
CVE-2024-12648 (same product: Canon LBP1238 II)
CVE-2025-14236 (same product: Canon LBP1238 II)
CVE-2025-14235 (same product: Canon LBP1238 II)
CVE-2024-12647 (same product: Canon LBP1238 II)
CVE-2026-22770 (shared CWE-763)

Affected Assets

Vendor   Product                Affected versions
canon    mf455dw firmware       ≤ 06.02
canon    mf453dw firmware       ≤ 06.02
canon    mf452dw firmware       ≤ 06.02
canon    mf451dw firmware       ≤ 06.02
canon    mf654cdw firmware      ≤ 06.02
canon    mf656cdw firmware      ≤ 06.02
canon    mf653cdw firmware      ≤ 06.02
canon    mf652cw firmware       ≤ 06.02
canon    mf1238 ii firmware     ≤ 06.02
canon    mf1643if ii firmware   ≤ 06.02
+6 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Applying the vendor firmware patches directly remediates the invalid free vulnerability in CPCA file deletion processing.

SI-16 Memory Protection (prevent)

Memory protection mechanisms such as ASLR and DEP make it substantially harder to turn the invalid free into arbitrary code execution; they do not remove the underlying flaw and do not prevent the denial-of-service outcome, so they complement rather than replace patching.

SC-7 Boundary Protection (prevent)

Boundary protection limits network access to the vulnerable printer service from unauthorized segments, reducing remote exploit opportunities while patches are rolled out.

References

https://canon.jp/support/support-info/260115vulnerability-response
https://psirt.canon/advisory-information/cp2026-001/
https://www.canon-europe.com/support/product-security/
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers