CVE-2025-2146

CRITICAL
Published May 26, 2025 Modified Jun 3, 2025 CWE-787

Description

Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-787 Out-of-bounds Write

Affected Products

Vendor Product
canon satera_mf656cdw_firmware
canon satera_mf656cdw
canon satera_mf654cdw_firmware
canon satera_mf654cdw
canon satera_mf551dw_firmware
canon satera_mf551dw
canon satera_mf457dw_firmware
canon satera_mf457dw
canon imageclass_mf656cdw_firmware
canon imageclass_mf656cdw
canon imageclass_mf654cdw_firmware
canon imageclass_mf654cdw
canon imageclass_mf653cdw_firmware
canon imageclass_mf653cdw
canon imageclass_mf652cdw_firmware
canon imageclass_mf652cdw
canon imageclass_lbp633cdw_firmware
canon imageclass_lbp633cdw
canon imageclass_lbp632cdw_firmware
canon imageclass_lbp632cdw
canon imageclass_mf455dw_firmware
canon imageclass_mf455dw
canon imageclass_mf453dw_firmware
canon imageclass_mf453dw
canon imageclass_mf452dw_firmware
canon imageclass_mf452dw
canon imageclass_mf451dw_firmware
canon imageclass_mf451dw
canon imageclass_lbp237dw_firmware
canon imageclass_lbp237dw
canon imageclass_lbp236dw_firmware
canon imageclass_lbp236dw
canon imageclass_x_mf1238_ii_firmware
canon imageclass_x_mf1238_ii
canon imageclass_x_mf1643i_ii_firmware
canon imageclass_x_mf1643i_ii
canon imageclass_x_mf1643if_ii_firmware
canon imageclass_x_mf1643if_ii
canon imageclass_x_lbp1238_ii_firmware
canon imageclass_x_lbp1238_ii
canon i-sensys_mf657cdw_firmware
canon i-sensys_mf657cdw
canon i-sensys_mf655cdw_firmware
canon i-sensys_mf655cdw
canon i-sensys_mf651cdw_firmware
canon i-sensys_mf651cdw
canon i-sensys_lbp633cdw_firmware
canon i-sensys_lbp633cdw
canon i-sensys_lbp631cdw_firmware
canon i-sensys_lbp631cdw
canon i-sensys_mf553dw_firmware
canon i-sensys_mf553dw
canon i-sensys_mf552dw_firmware
canon i-sensys_mf552dw
canon i-sensys_mf455dw_firmware
canon i-sensys_mf455dw
canon i-sensys_mf453dw_firmware
canon i-sensys_mf453dw
canon i-sensys_lbp236dw_firmware
canon i-sensys_lbp236dw
canon i-sensys_lbp233dw_firmware
canon i-sensys_lbp233dw
canon imagerunner_1643if_ii_firmware
canon imagerunner_1643if_ii
canon imagerunner_1643i_ii_firmware
canon imagerunner_1643i_ii
canon i-sensys_x_1238if_ii_firmware
canon i-sensys_x_1238if_ii
canon i-sensys_x_1238i_ii_firmware
canon i-sensys_x_1238i_ii
canon i-sensys_x_1238p_ii_firmware
canon i-sensys_x_1238p_ii
canon i-sensys_x_1238pr_ii_firmware
canon i-sensys_x_1238pr_ii

References

Frequently Asked Questions

What is CVE-2025-2146? +
Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw/imageCLASS MF455dw/imageCLASS MF453dw/imageCLASS MF452dw/imageCLASS MF451dw/imageCLASS LBP237dw/imageCLASS LBP236dw/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II/imageCLASS X LBP1238 II firmware v05.07 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw/i-SENSYS MF553dw/i-SENSYS MF552dw/i-SENSYS MF455dw/i-SENSYS MF453dw/i-SENSYS LBP236dw/i-SENSYS LBP233dw/imageRUNNER 1643iF II/imageRUNNER 1643i II/i-SENSYS X 1238iF II/i-SENSYS X 1238i II/i-SENSYS X 1238P II/i-SENSYS X 1238Pr II firmware v05.07 and earlier sold in Europe. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2025-2146? +
CVE-2025-2146 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-2146? +
CVE-2025-2146 affects products from canon, specifically: i-sensys_lbp233dw, i-sensys_lbp233dw_firmware, i-sensys_lbp236dw, i-sensys_lbp236dw_firmware, i-sensys_lbp631cdw, i-sensys_lbp631cdw_firmware, i-sensys_lbp633cdw, i-sensys_lbp633cdw_firmware, i-sensys_mf453dw, i-sensys_mf453dw_firmware, i-sensys_mf455dw, i-sensys_mf455dw_firmware, i-sensys_mf552dw, i-sensys_mf552dw_firmware, i-sensys_mf553dw, i-sensys_mf553dw_firmware, i-sensys_mf651cdw, i-sensys_mf651cdw_firmware, i-sensys_mf655cdw, i-sensys_mf655cdw_firmware, i-sensys_mf657cdw, i-sensys_mf657cdw_firmware, i-sensys_x_1238i_ii, i-sensys_x_1238i_ii_firmware, i-sensys_x_1238if_ii, i-sensys_x_1238if_ii_firmware, i-sensys_x_1238p_ii, i-sensys_x_1238p_ii_firmware, i-sensys_x_1238pr_ii, i-sensys_x_1238pr_ii_firmware, imageclass_lbp236dw, imageclass_lbp236dw_firmware, imageclass_lbp237dw, imageclass_lbp237dw_firmware, imageclass_lbp632cdw, imageclass_lbp632cdw_firmware, imageclass_lbp633cdw, imageclass_lbp633cdw_firmware, imageclass_mf451dw, imageclass_mf451dw_firmware, imageclass_mf452dw, imageclass_mf452dw_firmware, imageclass_mf453dw, imageclass_mf453dw_firmware, imageclass_mf455dw, imageclass_mf455dw_firmware, imageclass_mf652cdw, imageclass_mf652cdw_firmware, imageclass_mf653cdw, imageclass_mf653cdw_firmware, imageclass_mf654cdw, imageclass_mf654cdw_firmware, imageclass_mf656cdw, imageclass_mf656cdw_firmware, imageclass_x_lbp1238_ii, imageclass_x_lbp1238_ii_firmware, imageclass_x_mf1238_ii, imageclass_x_mf1238_ii_firmware, imageclass_x_mf1643i_ii, imageclass_x_mf1643i_ii_firmware, imageclass_x_mf1643if_ii, imageclass_x_mf1643if_ii_firmware, imagerunner_1643i_ii, imagerunner_1643i_ii_firmware, imagerunner_1643if_ii, imagerunner_1643if_ii_firmware, satera_mf457dw, satera_mf457dw_firmware, satera_mf551dw, satera_mf551dw_firmware, satera_mf654cdw, satera_mf654cdw_firmware, satera_mf656cdw, satera_mf656cdw_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-2146? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-2146 — free, no signup required.

Start Free Scan