CVE-2025-14237
Published: 16 January 2026
Summary
CVE-2025-14237 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Canon Mf455Dw Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 20.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): directly addresses the buffer overflow by requiring timely installation of Canon firmware patches for affected printer models.
SI-16 (Memory Protection): mitigates arbitrary code execution from the buffer overflow through memory protections such as address space layout randomization and data execution prevention.
SI-10 (Information Input Validation): prevents exploitation of the XPS font parsing buffer overflow by validating input length, format, and content before processing.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow in network-exposed printer firmware directly enables remote exploitation for RCE or DoS without authentication (T1190: Exploit Public-Facing Application).
NVD Description
Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers (*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera…
MF750C Series firmware v06.02 and earlier sold in Japan. Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US. i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.
Deeper analysis
CVE-2025-14237 is a buffer overflow vulnerability (CWE-787) in the XPS font parse processing component of firmware versions v06.02 and earlier on specific Canon Small Office Multifunction Printers and Laser Printers. Affected products include Satera LBP670C Series and Satera MF750C Series sold in Japan; Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II sold in the US; and i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II sold in Europe.
The vulnerability can be exploited by an attacker on the same network segment via a network-based attack (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8). No privileges or user interaction are required, so exploitation is low-complexity and may render the affected printer unresponsive (denial of service) or allow arbitrary code execution, with high impact on confidentiality, integrity, and availability.
Canon advisories provide remediation guidance, including firmware updates where available. Security practitioners should consult https://canon.jp/support/support-info/260115vulnerability-response, https://psirt.canon/advisory-information/cp2026-001/, https://www.canon-europe.com/support/product-security/, and https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers for region- and model-specific mitigation details.
Details
- CWE(s)