CVE-2025-14235 — CRITICAL (9.8)

Q: How severe is CVE-2025-14235?

CVE-2025-14235 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-14235?

Check the references section above for vendor advisories and patch information. Affected products include: Canon Mf656Cdw Firmware, Canon Mf656Cdw, Canon Mf653Cdw Firmware, Canon Mf653Cdw, Canon Mf652Cw Firmware.

Vulnerability Description

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Canon	Mf656Cdw Firmware	<= 06.02
Canon	Mf656Cdw	-
Canon	Mf653Cdw Firmware	<= 06.02
Canon	Mf653Cdw	-
Canon	Mf652Cw Firmware	<= 06.02
Canon	Mf652Cdw	-
Canon	Mf1238 Ii Firmware	<= 06.02
Canon	Mf1238 Ii	-
Canon	Mf1643If Ii Firmware	<= 06.02
Canon	Mf1643If Ii	-
Canon	Mf1643I Ii Firmware	<= 06.02
Canon	Mf1643I Ii	-
Canon	Lbp237Dw Firmware	<= 06.02
Canon	Lbp237Dw	-
Canon	Lbp236Dw Firmware	<= 06.02
Canon	Lbp236Dw	-
Canon	Lbp633Cdw Firmware	<= 06.02
Canon	Lbp633Cdw	-
Canon	Lbp632Cdw Firmware	<= 06.02
Canon	Lbp632Cdw	-

Related Weaknesses (CWE)

CWE-787

References

https://canon.jp/support/support-info/260115vulnerability-responseVendor Advisory
https://psirt.canon/advisory-information/cp2026-001/Vendor Advisory
https://www.canon-europe.com/support/product-security/Vendor Advisory
https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-RegardVendor Advisory

FAQ

What is CVE-2025-14235?

CVE-2025-14235 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being u...

How severe is CVE-2025-14235?

CVE-2025-14235 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-14235?

Check the references section above for vendor advisories and patch information. Affected products include: Canon Mf656Cdw Firmware, Canon Mf656Cdw, Canon Mf653Cdw Firmware, Canon Mf653Cdw, Canon Mf652Cw Firmware.