CVE-2025-14234

high-risk
Published 2026-01-16

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers (*), which may allow an attacker on the network segment to cause the affected product to become unresponsive or to execute arbitrary code.

*: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.
Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.
i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Do I need to act?

EPSS score: 0.07% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list (no confirmed active exploitation reported to CISA)
Patch status: unknown (check vendor advisories for fix availability and mitigation guidance)
CVSS: 9.8/10 Critical (NETWORK / LOW complexity)

Affected Products (16)

MF455dw Firmware
MF453dw Firmware
MF452dw Firmware
MF451dw Firmware
MF654Cdw Firmware
MF656Cdw Firmware
MF653Cdw Firmware
MF652Cw Firmware
MF1238 II Firmware
MF1643iF II Firmware
MF1643i II Firmware
LBP237dw Firmware
LBP236dw Firmware
LBP633Cdw Firmware
LBP632Cdw Firmware
LBP1238 II Firmware

Affected Vendors

50 / 100
high-risk
Severity 32/34 · Critical
Exploitability 0/34 · Minimal
Exposure 18/34 · Moderate