Critical Remote Code Execution in Canon imageCLASS MF654Cdw (CVE‑2025‑14235) Threatens Network‑Adjacent Printers
What It Is – A newly disclosed out‑of‑bounds write in the TrueType‑font (TTF) parser of Canon’s imageCLASS MF654Cdw multi‑function printer enables unauthenticated attackers to execute arbitrary code on the device.
Exploitability – The flaw is publicly disclosed, a proof‑of‑concept was demonstrated at the Pwn2Own competition, and a vendor patch is already available. CVSS 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classifies it as Critical.
Affected Products – Canon imageCLASS MF654Cdw (all firmware versions prior to the March 2026 security update).
TPRM Impact – Compromised printers can become footholds for lateral movement, exfiltrate printed documents, and serve as pivot points to internal networks, creating a supply‑chain risk for any organization that outsources its printing to Canon.
Recommended Actions –
- Deploy Canon’s March 2026 firmware update immediately.
- Isolate network‑adjacent printers on a segmented VLAN.
- Disable TTF font processing or restrict print jobs to trusted sources.
- Conduct a rapid inventory of all Canon imageCLASS devices and verify patch status.
- Monitor network traffic for anomalous outbound connections from printers.
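The last two actions (inventory/patch-status check and outbound-connection monitoring) can be scripted against data most organizations already have. The following is an added example written for this page, not code from Canon or from the advisory; it assumes an inventory export that records each printer's installed firmware release date (real Canon firmware identifiers are not modelled), uses 1 March 2026 as a placeholder cut-off for the "March 2026 security update", and treats any connection a printer *initiates* outside a constructed print/management subnet as anomalous. All device records and flow tuples are constructed sample data.

```python
"""Triage helpers for the advisory's inventory and monitoring actions.

Added example (not from the advisory or from Canon). Assumptions:
 - each inventory record carries the release date of its installed firmware;
 - flow records are (src_ip, dst_ip, dst_port) tuples from a flow collector;
 - the patch cut-off date and allow-listed subnet are placeholders.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

# Placeholder: the advisory names only "March 2026", so the first of the
# month is used as the cut-off; replace with the actual firmware build date.
PATCH_RELEASE = date(2026, 3, 1)
AFFECTED_MODEL = "imageCLASS MF654Cdw"

# Constructed allow-list: the subnet holding the print server and the
# NTP/SNMP/syslog management hosts a printer legitimately talks to.
ALLOWED_DEST_NETS = [ip_network("10.0.5.0/24")]


@dataclass(frozen=True)
class Printer:
    hostname: str
    ip: str
    model: str
    firmware_date: date  # assumed field: release date of installed firmware


def needs_patch(p: Printer) -> bool:
    """True when the device is the affected model and runs pre-patch firmware."""
    return p.model == AFFECTED_MODEL and p.firmware_date < PATCH_RELEASE


def unpatched_devices(inventory):
    """Hostnames of affected, still-unpatched printers, in inventory order."""
    return [p.hostname for p in inventory if needs_patch(p)]


def anomalous_outbound(flows, printer_ips):
    """Flows where a printer is the SOURCE and the destination lies outside
    the allow-listed subnets. Printers receiving jobs are ignored; a printer
    opening SMB to a workstation or HTTPS to the Internet is what we want."""
    printers = {ip_address(i) for i in printer_ips}
    hits = []
    for src, dst, dport in flows:
        s, d = ip_address(src), ip_address(dst)
        if s not in printers:
            continue  # not initiated by a printer
        if any(d in net for net in ALLOWED_DEST_NETS):
            continue  # expected management / print-server traffic
        hits.append((src, dst, dport))
    return hits


# ---- constructed sample data ---------------------------------------------
SAMPLE_INVENTORY = [
    Printer("prn-hq-01", "10.0.7.10", AFFECTED_MODEL, date(2025, 11, 12)),  # pre-patch
    Printer("prn-hq-02", "10.0.7.11", AFFECTED_MODEL, date(2026, 3, 9)),    # patched
    Printer("prn-lab-01", "10.0.7.20", "OTHER-MODEL-PLACEHOLDER", date(2025, 6, 1)),
]

SAMPLE_FLOWS = [
    ("10.0.7.10", "10.0.5.3", 123),       # NTP to management subnet: expected
    ("10.0.7.10", "10.0.20.7", 445),      # printer -> workstation SMB: flag
    ("10.0.7.10", "203.0.113.10", 443),   # printer -> Internet HTTPS: flag
    ("10.0.20.7", "10.0.7.10", 9100),     # workstation submitting a job: ignore
    ("10.0.7.11", "10.0.5.2", 161),       # SNMP to management subnet: expected
]

if __name__ == "__main__":
    print("unpatched:", unpatched_devices(SAMPLE_INVENTORY))
    hits = anomalous_outbound(SAMPLE_FLOWS, [p.ip for p in SAMPLE_INVENTORY])
    for src, dst, dport in hits:
        print(f"ALERT printer {src} initiated connection to {dst}:{dport}")
```

The allow-list is deliberately destination-based rather than port-based: a compromised device can tunnel over any port, so the useful signal is "this printer opened a connection to something that is not its print server or management host", which also catches the lateral-movement case the TPRM section describes.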