
JVNDB-2025-000117

SEIKO EPSON printer Web Config vulnerable to stack-based buffer overflow

Overview

Web Config is software installed on multiple SEIKO EPSON printers that allows users to check the printer status and change its settings via a web browser.
Web Config contains the following vulnerability.
  • Stack-based buffer overflow (CWE-121) - CVE-2025-66635
Shogo Iyota of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 7.2 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


SEIKO EPSON CORPORATION
  • Web Config

A wide range of products are affected.
For more details, refer to the information provided by the developer.
Impact

A logged-in user may be able to execute arbitrary code by submitting specially crafted data.
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Apply workarounds]
The developer strongly recommends that users apply workarounds when using affected products for which no updates are available.

For more details, refer to the information provided by the developer.
Vendor Information

SEIKO EPSON CORPORATION
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2025-66635
References

  1. JVN : JVN#51846148
Revision History

  • [2025/12/16]
      Web page was published