Critical Remote Code Execution in Canon imageCLASS MF654Cdw Printers (CVE-2025-14231) Exposes Devices to Network‑Adjacent Attackers
What It Is — A heap‑based buffer overflow in the XML SOAP request parser of Canon imageCLASS MF654Cdw multifunction printers allows unauthenticated, network‑adjacent attackers to execute arbitrary code with device‑level privileges. The flaw is tracked as CVE‑2025‑14231.
Exploitability — The vulnerability is actively exploitable; no authentication or user interaction is required. A proof‑of‑concept was demonstrated during the Pwn2Own competition. CVSS 8.8 (High).
Affected Products — Canon imageCLASS MF654Cdw laser multifunction printer (all firmware versions prior to the 2026‑01 security update).
TPRM Impact — Compromise of a printer can serve as a foothold for lateral movement, data exfiltration, or sabotage of business‑critical documents, posing a supply‑chain risk both for organizations that operate Canon devices and for those whose trusted service providers operate such devices on their behalf.
Recommended Actions —
- Deploy Canon’s security update immediately (see Canon Europe support page).
- If patching cannot be applied promptly, isolate the printer on a segmented VLAN and restrict inbound traffic to trusted management IPs.
- Enable network‑level intrusion detection for anomalous SOAP traffic.
- Review and harden logging on the device; integrate printer logs into the SIEM.
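As an added example (not code from Canon or from this advisory), the following Python triage script applies the segmentation and detection recommendations above to an excerpt of access-log lines: it flags SOAP POST requests to the printer that originate outside an assumed trusted management subnet or carry an unusually large request body, which is the kind of anomaly a heap overflow in a SOAP parser would be triggered by. The log format, the management subnet, and the body-size ceiling are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample access log (fields: timestamp, src, dst, method, path,
# content-type, content-length). Format and values are assumed, not Canon's.
SAMPLE_LOG = """\
2026-01-10T09:12:01Z 10.0.20.5 10.0.50.10 POST /wsd/print application/soap+xml 1840
2026-01-10T09:12:07Z 10.0.20.5 10.0.50.10 GET /status text/html 0
2026-01-10T09:13:44Z 192.168.77.23 10.0.50.10 POST /wsd/print application/soap+xml 262144
2026-01-10T09:14:02Z 192.168.77.23 10.0.50.10 POST /wsd/print application/soap+xml 1200
"""

# Assumed trusted management subnet (the VLAN from which admins reach the printer).
TRUSTED_MGMT = [ipaddress.ip_network("10.0.20.0/24")]
# Assumed ceiling for a legitimate SOAP request body; tune from a baseline.
MAX_SOAP_BODY = 65536
SOAP_TYPES = {"application/soap+xml", "text/xml"}


@dataclass
class Finding:
    ts: str
    src: str
    reason: str


def scan(log_text, trusted=TRUSTED_MGMT, max_body=MAX_SOAP_BODY):
    """Return findings for SOAP POSTs from untrusted sources or with oversized bodies."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, _dst, method, _path, ctype, clen = line.split()
        # Only SOAP request bodies reach the vulnerable parser.
        if method != "POST" or ctype not in SOAP_TYPES:
            continue
        src_ip = ipaddress.ip_address(src)
        if not any(src_ip in net for net in trusted):
            findings.append(Finding(ts, src, "soap-from-untrusted-source"))
        size = int(clen)
        if size > max_body:
            findings.append(Finding(ts, src, f"oversized-soap-body:{size}"))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.src} {f.reason}")
```

Feed the script from the SIEM export of the printer's HTTP access log; any finding is a candidate for the isolation step above until the device is patched.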