CVE-2025-14236
Published: 16 January 2026
Summary
CVE-2025-14236 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Canon MF455dw firmware, one of many affected Canon laser printer and small office multifunction printer models (the full list is in the NVD description below). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The vulnerability ranks at the 20.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the buffer overflow through timely application of Canon firmware updates v06.03 or later.
- SI-10 (Information Input Validation): mandates validation of Address Book attribute tag inputs, so that crafted data cannot trigger the buffer overflow.
- SC-7 (Boundary Protection): enforces network boundary protections that restrict unauthenticated access to the vulnerable printer service from the local segment.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The buffer overflow gives an unauthenticated attacker remote code execution (Exploitation of Remote Services, T1210) and denial of service (Endpoint Denial of Service: Application or System Exploitation, T1499.004) against the network-accessible printer service.
NVD Description
Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
Deeper analysis
CVE-2025-14236 is a buffer overflow vulnerability (CWE-787) in the Address Book attribute tag processing component of various Canon Small Office Multifunction Printers and laser printers running firmware version v06.02 and earlier. Affected products sold in Japan include the Satera LBP670C Series and Satera MF750C Series. In the US, the vulnerability impacts the Color imageCLASS LBP630C Series, Color imageCLASS MF650C Series, imageCLASS LBP230 Series, imageCLASS X LBP1238 II, imageCLASS MF450 Series, imageCLASS X MF1238 II, imageCLASS X MF1643i II, and imageCLASS X MF1643iF II. European models affected are the i-SENSYS LBP630C Series, i-SENSYS MF650C Series, i-SENSYS LBP230 Series, 1238P II, 1238Pr II, i-SENSYS MF450 Series, i-SENSYS MF550 Series, 1238i II, 1238iF II, imageRUNNER 1643i II, and imageRUNNER 1643iF II.
The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no privileges or user interaction required, and high impacts across confidentiality, integrity, and availability. An unauthenticated attacker on the same network segment can send crafted Address Book attribute data to trigger the buffer overflow, causing the affected printer to become unresponsive (denial of service) or enabling execution of arbitrary code on the device. Note that the NVD description scopes the attacker to the printer's network segment while the vector scores Attack Vector as Network; the safe reading is that any host able to reach the affected service is in scope.
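The overflow pattern described above, as an added illustration that is not Canon's firmware code and does not reproduce its wire format: a constructed tag-length-value attribute record, a parser that trusts the attacker-controlled length byte (the CWE-787 pattern) and the hardened version that validates the length against the destination before any byte is written (the SI-10 control). The record layout, tag value, buffer size and function names are assumptions made for this example; the `guard` field stands in for whatever follows the buffer in real memory so the overflow is observable without crashing the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 16          /* assumed fixed-size field in an Address Book entry */
#define GUARD_OK 0xCAFEF00Du /* sentinel value; clobbered if the parser overflows */

/* Decoded entry. 'guard' models adjacent data (another field, heap
 * metadata, a saved return address) that an overflow would corrupt. */
typedef struct {
    char     name[ATTR_MAX];
    uint32_t guard;
} entry_t;

/* Assumed attribute layout (constructed, not Canon's format):
 *   [tag:1][len:1][value:len]   with tag 0x01 = display name. */
enum { TAG_NAME = 0x01 };

/* VULNERABLE: the check against rec_len only prevents an out-of-bounds
 * read of the record; nothing stops 'len' (up to 255) from exceeding the
 * 16-byte destination, so the copy writes past name[] (CWE-787). */
int parse_attr_vulnerable(const uint8_t *rec, size_t rec_len, entry_t *e)
{
    if (rec_len < 2) return -1;
    uint8_t tag = rec[0], len = rec[1];
    if ((size_t)len + 2 > rec_len) return -1;
    if (tag != TAG_NAME) return -1;
    uint8_t *dst = (uint8_t *)e->name;   /* byte pointer so the overflow is plain to see */
    for (size_t i = 0; i < len; i++)
        dst[i] = rec[2 + i];             /* i >= ATTR_MAX lands in 'guard' and beyond */
    if (len < ATTR_MAX) e->name[len] = '\0';
    return 0;
}

/* HARDENED: the length is validated against the destination (leaving room
 * for the terminator) before anything is written; oversized or truncated
 * attributes are rejected instead of processed. */
int parse_attr_hardened(const uint8_t *rec, size_t rec_len, entry_t *e)
{
    if (rec_len < 2) return -1;
    uint8_t tag = rec[0], len = rec[1];
    if ((size_t)len + 2 > rec_len) return -1;   /* truncated value */
    if (tag != TAG_NAME) return -1;
    if (len >= ATTR_MAX) return -2;              /* would not fit: reject */
    memcpy(e->name, rec + 2, len);
    e->name[len] = '\0';
    return 0;
}

/* Constructed test records. */
static const uint8_t benign[]    = { TAG_NAME, 5, 'A','l','i','c','e' };
static const uint8_t truncated[] = { TAG_NAME, 9, 'B','o','b' };
/* 20-byte value: fills name[] and overwrites the 4-byte guard. A real
 * attacker would choose a larger len to reach further past the buffer. */
static const uint8_t crafted[]   = { TAG_NAME, 20,
    'X','X','X','X','X','X','X','X','X','X','X','X','X','X','X','X',
    0x41, 0x42, 0x43, 0x44 };

/* Runs 'fn' on a fresh entry. Returns 1 if the guard survived, 0 if the
 * parser clobbered it, -1 if the parser rejected the record. */
int guard_survives(int (*fn)(const uint8_t *, size_t, entry_t *),
                   const uint8_t *rec, size_t rec_len)
{
    entry_t e;
    memset(&e, 0, sizeof e);
    e.guard = GUARD_OK;
    if (fn(rec, rec_len, &e) != 0) return -1;
    return e.guard == GUARD_OK ? 1 : 0;
}

int main(void)
{
    printf("vulnerable/benign    : %d\n", guard_survives(parse_attr_vulnerable, benign, sizeof benign));
    printf("vulnerable/crafted   : %d\n", guard_survives(parse_attr_vulnerable, crafted, sizeof crafted));
    printf("hardened/crafted     : %d\n", guard_survives(parse_attr_hardened, crafted, sizeof crafted));
    printf("hardened/truncated   : %d\n", guard_survives(parse_attr_hardened, truncated, sizeof truncated));
    return 0;
}
```

The point of the side-by-side is that the vulnerable parser does perform a bounds check, just the wrong one: it validates the length against the source record, not against the fixed-size destination. Input validation for this bug class means bounding every attacker-supplied length by the buffer it is copied into, before the copy.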
Canon has published multiple advisories addressing this issue, including PSIRT advisory CP2026-001 and support notices for Japan, Europe, and the US. The advisories describe the remediation, a firmware update, for the buffer overflow in the affected laser printers and small office multifunction printers. Security practitioners should consult Canon's product security pages for deployment instructions, verify the running firmware version on every deployed device against the affected range (v06.02 and earlier), and, until the update is applied, keep the affected printers on network segments that untrusted hosts cannot reach.
Details
- CWE(s)