Critical RCE in Canon imageCLASS MF654Cdw XPS Parser (CVE‑2025‑14232) Threatens Enterprise Printing Infrastructure
What It Is – A stack‑based buffer overflow in the XPS file parser of Canon’s imageCLASS MF654Cdw multi‑function printer allows an unauthenticated, network‑adjacent attacker to execute arbitrary code on the device. The flaw stems from insufficient length validation before copying user‑supplied data to a stack buffer.
Exploitability – The vulnerability is publicly disclosed as ZDI‑26‑204 and rated CVSS 8.8 (vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No proof‑of‑concept code is required, and exploitation can be performed remotely without credentials. Canon has released a firmware update that mitigates the issue.
Affected Products – Canon imageCLASS MF654Cdw laser printer (all firmware versions prior to the March 2026 security update).
TPRM Impact –
- Compromise of a printer can serve as a foothold for lateral movement across corporate networks, exposing sensitive documents and credentials stored on adjacent systems.
- As a widely deployed third‑party device, the flaw expands the attack surface of any organization that outsources its printing services to Canon or uses the MF654Cdw in a managed environment.
- Potential for supply‑chain risk if compromised printers are integrated with cloud‑based print management platforms.
Recommended Actions –
- Verify firmware version on all Canon imageCLASS MF654Cdw units and apply the latest security update from Canon’s support portal.
- Isolate printers on a dedicated VLAN or network segment with strict firewall rules limiting inbound traffic to required management ports only.
- Disable or restrict XPS printing functionality if not needed; consider enforcing PDF‑only print jobs.
- Incorporate the device into your asset inventory and continuous monitoring program; enable logging and integrate with SIEM for anomalous activity detection.
- Review contracts with printing service providers to ensure they adhere to timely patching and segmentation requirements.
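The first four actions above (verify firmware, segment, disable XPS, track in inventory) are easiest to operationalise as a single compliance pass over the asset inventory that flags every MF654Cdw still needing attention. The script below is an added example written for this page, not Canon's or any print-management product's code. It assumes an inventory export in which each device carries a model string, a firmware release date in ISO form, an XPS-enabled flag and a segmentation flag; none of those field names come from the advisory, and the cutoff of 1 March 2026 is an assumption standing in for the exact patched build, which the page does not name. The inventory rows are constructed sample data.

```python
"""Compliance pass over a printer inventory for the MF654Cdw advisory.
Added example; field names, the date-based firmware check and the sample rows
are assumptions, not values from the advisory or from Canon."""
import re
from dataclasses import dataclass, field
from datetime import date

# Assumption: any firmware dated before the March 2026 security update is unpatched.
PATCH_CUTOFF = date(2026, 3, 1)
AFFECTED_MODEL = "MF654CDW"


def is_affected_model(raw):
    """Match 'Canon imageCLASS MF654Cdw', 'MF-654Cdw', 'mf654cdw' etc. by
    stripping everything but letters and digits before comparing."""
    normalized = re.sub(r"[^A-Z0-9]", "", (raw or "").upper())
    return AFFECTED_MODEL in normalized


def parse_fw_date(value):
    """Return a date, or None when the field is missing or malformed."""
    try:
        return date.fromisoformat(value)
    except (TypeError, ValueError):
        return None


@dataclass
class Finding:
    host: str
    severity: str
    reasons: list = field(default_factory=list)


def assess(device):
    """Return a Finding for a non-compliant MF654Cdw, or None if the device is
    another model or already meets all four controls."""
    if not is_affected_model(device.get("model")):
        return None
    reasons = []
    fw = parse_fw_date(device.get("firmware_date"))
    if fw is None:
        # Unknown firmware is treated as unpatched until someone checks the unit.
        reasons.append("firmware date unknown; treat as unpatched until verified")
    elif fw < PATCH_CUTOFF:
        reasons.append(f"firmware dated {fw.isoformat()} predates the March 2026 update")
    if device.get("xps_enabled", True):      # default to enabled when the field is absent
        reasons.append("XPS printing enabled; disable if not required")
    if not device.get("segmented", False):   # default to unsegmented when the field is absent
        reasons.append("not on an isolated printer VLAN")
    if not reasons:
        return None
    severity = "high" if any("firmware" in r for r in reasons) else "medium"
    return Finding(device["host"], severity, reasons)


def assess_inventory(inventory):
    """Findings for every non-compliant affected unit, in inventory order."""
    return [f for f in (assess(d) for d in inventory) if f is not None]


# Constructed sample inventory (hostnames and values are made up for this example).
SAMPLE_INVENTORY = [
    {"host": "prn-fin-01", "model": "Canon imageCLASS MF654Cdw", "firmware_date": "2025-11-12",
     "xps_enabled": True, "segmented": False},
    {"host": "prn-hr-02", "model": "imageCLASS MF654Cdw", "firmware_date": "2026-03-15",
     "xps_enabled": False, "segmented": True},
    {"host": "prn-ops-03", "model": "MF-654Cdw", "firmware_date": None,
     "xps_enabled": False, "segmented": True},
    {"host": "prn-lab-04", "model": "Example-Printer-9000 (placeholder, other model)",
     "firmware_date": "2024-01-01", "xps_enabled": True, "segmented": False},
    {"host": "prn-mkt-05", "model": "mf654cdw", "firmware_date": "2026-04-02",
     "xps_enabled": True, "segmented": False},
]

if __name__ == "__main__":
    for finding in assess_inventory(SAMPLE_INVENTORY):
        print(f"{finding.host}: {finding.severity}")
        for reason in finding.reasons:
            print(f"  - {reason}")
```

Two design points matter in practice. Missing firmware data is scored as unpatched rather than skipped, so a unit that never reported in cannot silently pass; and model matching is done on a normalised string, because CMDB exports rarely spell a model name the same way twice. A patched unit that still exposes XPS or sits on a flat network is reported at medium severity, keeping the segmentation and feature-reduction actions visible after the firmware update has landed.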