HP
CVE-2025-7698
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver
AnalysisAI
Out-of-bounds read vulnerabilities exist in the print processing functionality of multiple Canon printer driver families, including Generic Plus PCL6, UFR II, LIPS4, LIPSLX, PS, PCL6, CARPS2, and related variants. These vulnerabilities allow remote attackers to read sensitive memory contents (information disclosure) and potentially cause application crashes, requiring user interaction (opening a malicious print job) to trigger. With an EPSS score of 0.05% and no evidence of active exploitation in the wild, this represents a low real-world risk despite moderate CVSS scoring.
Technical ContextAI
The vulnerabilities stem from CWE-125 (out-of-bounds read) errors in the print processing subsystems across Canon's printer driver ecosystem. These drivers handle multiple page description languages (PCL6, UFR II, LIPS4, LIPSLX, PostScript) and translate them into printer-specific commands. The root cause involves insufficient bounds checking when parsing print job data structures, allowing an attacker to supply a crafted print file that causes the driver to read past allocated buffer boundaries. This is a classic memory safety issue where the driver fails to validate buffer offsets before memory access operations during print job interpretation.
Affected ProductsAI
Multiple Canon printer driver families are affected, including Generic Plus PCL6, Generic Plus UFR II, Generic Plus LIPS4, Generic Plus LIPSLX, Generic Plus PS, UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, and PCL6 Printer Drivers. Specific version ranges are not detailed in available CVE data, but Canon's official advisory (CP2025-005) at https://psirt.canon/advisory-information/cp2025-005/ provides complete affected version lists. Affected product scope includes drivers for production printers, office/small office multifunction printers, and laser printers. The vulnerability advisory from Canon USA is available at https://www.usa.canon.com/about-us/to-our-customers/cp2025-005-vulnerabilities-remediation-for-certain-printer-drivers-for-production-printers-office-small-office-multifunction-printers-laser-printers and European support information at https://www.canon-europe.com/support/product-security/.
RemediationAI
Immediately apply vendor-supplied patches from Canon's CP2025-005 advisory (https://psirt.canon/advisory-information/cp2025-005/) which provides fixed driver versions for all affected product families. Download and deploy the patched drivers corresponding to your specific printer models and operating systems from Canon's support portal (https://canon.jp/support/support-info/250925vulnerability-response). Until patching is complete, restrict print job submissions to trusted internal sources only, disable network printing where feasible, and educate users not to open suspicious print files from untrusted sources. Organizations should prioritize patching production printer drivers first, as these are typically shared network resources with higher exposure.
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software co
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoP
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execu
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown ve
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via u
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arb
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute ar
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today