Critical RCE in Canon imageCLASS MF654Cdw (CVE-2025-14234) Heap Buffer Overflow Allows Remote Code Execution
What It Is — A heap‑based buffer overflow in the CADM service of Canon’s imageCLASS MF654Cdw multi‑function printer enables unauthenticated attackers to execute arbitrary code on the device.
Exploitability — The vulnerability is publicly disclosed (ZDI‑26‑205) with a CVSS 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No public PoC is required; a crafted PJCC request to TCP 9013 triggers the overflow, making exploitation trivial for a network‑adjacent adversary.
Affected Products — Canon imageCLASS MF654Cdw network printers (CADM service listening on TCP 9013).
TPRM Impact — Compromised printers can become footholds for lateral movement, data exfiltration, or ransomware across an organization’s network, exposing third‑party risk for any entity that relies on Canon devices.
Recommended Actions — Deploy Canon’s firmware update immediately; isolate printers on a dedicated VLAN; block inbound traffic to port 9013 from untrusted networks; monitor CADM service logs for anomalous requests; verify asset inventory reflects current firmware versions.