JVNDB-2025-005467

Passback vulnerabilities in Canon Production Printers, Office/Small Office Multifunction Printers, and Laser Printers

Overview

Production Printers, Office/Small Office Multifunction Printers, and Laser Printers provided by Canon Inc. do not implement sufficient protection on credential information (CWE-522).

* CVE-2025-3078, CVE-2025-3079

Canon Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics 8.7 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None

Affected Products

A wide range of products and versions are affected. For more information, refer to the "Vendor Status" section below.

Canon
  • (multiple products)

Impact

When an affected device is configured to communicate with an external system (e.g., SMTP server or LDAP server), an administrative user may obtain the credential information of that external system by directing the device to send the credential information in plain text form.

Solution

[Apply the Workaround]
The developer recommends applying the workarounds to avoid access from third parties.
For details, refer to the information provided by the developer.

Vendor Information

Canon

CWE

  1. Insufficiently Protected Credentials (CWE-522) [Other]

CVE

  1. CVE-2025-3078
  2. CVE-2025-3079

References

  1. JVN : JVNVU#99563104

Revision History

  • [2025/05/22]
      Web page was published