Critical Remote Code Execution in Canon imageCLASS MF654Cdw (CVE‑2025‑14237) via TTF Parsing Integer Overflow
What It Is – A newly disclosed integer‑overflow flaw in the TrueType‑font (TTF) parser of Canon’s imageCLASS MF654Cdw multi‑function printer allows an unauthenticated, network‑adjacent attacker to execute arbitrary code on the device.
Exploitability – The vulnerability has been publicly disclosed and carries a CVSS score of 8.8 (vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network‑adjacent access, no privileges or user interaction required, high impact on confidentiality, integrity and availability). No public exploit code has been released, but the advisory confirms the flaw is exploitable in the wild, and a firmware patch is already available.
Affected Products – Canon imageCLASS MF654Cdw laser printer (all firmware versions prior to the March 2026 security update).
TPRM Impact – Printers are often embedded in corporate networks and may have access to sensitive documents, internal email, and authentication tokens. A compromised device can enable lateral movement or data exfiltration, or serve as a foothold for supply‑chain attacks against downstream customers.
Recommended Actions –
- Deploy Canon’s March 2026 firmware update immediately.
- Segment printer VLANs from critical assets and enforce strict firewall rules.
- Conduct an inventory of all Canon imageCLASS devices and verify patch status.
- Enable logging and monitor for anomalous TTF‑related traffic or unexpected process launches on printers.
- Review and harden printer management interfaces (disable unused services, enforce strong admin passwords).
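The advisory does not state which arithmetic in Canon's parser overflows, so the following is an added illustration of the general bug class rather than the vendor's code or the actual flaw: a TrueType table directory whose `offset + length` wraps past 32 bits slips past a naive bounds check but not an overflow‑safe one. The auditor could be pointed at fonts extracted from spooled print jobs as part of the monitoring step above; all sample fonts and table values are constructed here.

```python
import struct

SFNT_VERSIONS = {0x00010000, 0x74727565, 0x4F54544F}  # 1.0, 'true', 'OTTO'

def naive_in_bounds(offset: int, length: int, size: int) -> bool:
    """The check a C parser might write: (uint32_t)(offset + length) <= size.
    The 32-bit sum wraps, so an offset near 4 GiB plus a large length 'passes'."""
    return ((offset + length) & 0xFFFFFFFF) <= size

def safe_in_bounds(offset: int, length: int, size: int) -> bool:
    """Overflow-safe form: compare each attacker-controlled value on its own."""
    return offset <= size and length <= size - offset

def audit_table_directory(blob: bytes) -> list[str]:
    """Return findings for a TrueType/OpenType table directory.
    An empty list means every table record lies inside the file."""
    size = len(blob)
    if size < 12:
        return ["truncated: missing offset table"]
    version, num_tables = struct.unpack(">IH", blob[:6])
    if version not in SFNT_VERSIONS:
        return [f"unknown sfnt version 0x{version:08x}"]
    if 12 + num_tables * 16 > size:  # directory itself must fit before reading it
        return [f"numTables={num_tables} needs {12 + num_tables * 16} bytes, file has {size}"]
    findings = []
    for i in range(num_tables):
        rec = blob[12 + 16 * i: 28 + 16 * i]
        tag, _checksum, offset, length = struct.unpack(">4sIII", rec)
        if not safe_in_bounds(offset, length, size):
            how = "wraps past 2^32" if naive_in_bounds(offset, length, size) else "out of range"
            findings.append(f"table {tag.decode('latin-1')!r}: offset={offset:#x} length={length:#x} {how}")
    return findings

def build_font(records: list[tuple[bytes, int, int]], body_len: int = 64) -> bytes:
    """Constructed sample: sfnt header + table directory + zero-filled body."""
    header = struct.pack(">IHHHH", 0x00010000, len(records), 0, 0, 0)
    directory = b"".join(struct.pack(">4sIII", t, 0, off, ln) for t, off, ln in records)
    return header + directory + bytes(body_len)

# Constructed samples (not real Canon inputs): a sane directory, one whose
# offset+length wraps to a small value, and one that is plainly out of range.
BENIGN = build_font([(b"head", 44, 54), (b"cmap", 98, 10)])   # file size 108
WRAPPING = build_font([(b"glyf", 0xFFFFFFF0, 0x20)])           # file size 92
OUT_OF_RANGE = build_font([(b"loca", 100, 100)])               # file size 92

if __name__ == "__main__":
    for name, font in (("benign", BENIGN), ("wrapping", WRAPPING), ("oob", OUT_OF_RANGE)):
        print(name, audit_table_directory(font) or "ok")
```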