CVE-2025-7698 Overview
CVE-2025-7698 is an out-of-bounds read vulnerability [CWE-125] affecting multiple Canon printer drivers, including Generic Plus PCL6, Generic Plus UFR II, Generic Plus LIPS4, Generic Plus LIPSLX, Generic Plus PS, UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, and PCL6 Printer Drivers. The flaw resides in print processing logic. An attacker who convinces a user to process a crafted print job can read memory outside intended buffers. Canon disclosed the issue under advisory CP2025-005 and published remediation guidance for affected drivers.
Critical Impact
Successful exploitation can disclose sensitive process memory contents and may contribute to further attack chains that undermine confidentiality on systems running vulnerable Canon printer drivers.
Affected Products
- Canon Generic Plus PCL6, UFR II, LIPS4, LIPSLX, and PS Printer Drivers
- Canon UFRII LT, CARPS2, Generic FAX, LIPS4, LIPSLX, UFR II, PS, and PCL6 Printer Drivers
- Windows hosts running any listed Canon driver version prior to the CP2025-005 fixed release
Discovery Timeline
- 2025-09-29 - CVE-2025-7698 published to the National Vulnerability Database (NVD)
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-7698
Vulnerability Analysis
The vulnerability is an out-of-bounds read in the print processing routines of multiple Canon printer drivers. When the driver parses print job data, it reads beyond the bounds of an allocated buffer. This behavior discloses adjacent memory contents to the calling context. The condition is classified under [CWE-125] Out-of-bounds Read.
The CVSS 4.0 vector indicates a network attack vector with high attack complexity, user interaction required, and passive attack requirements. Confidentiality impact on the vulnerable component is rated high, while integrity is not affected and availability impact is limited. No public proof-of-concept exploit is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The EPSS score is low, reflecting limited near-term exploitation likelihood.
Root Cause
The drivers fail to validate boundary conditions when parsing structured print job data. Missing length or offset checks allow the parser to dereference memory past the end of an allocated buffer. This design flaw permits controlled input to trigger reads outside the intended region, exposing memory contents to the driver's execution context.
Attack Vector
Exploitation requires an attacker to deliver a specially crafted print job or document to a system using an affected Canon driver. A user must process the malicious print data for the out-of-bounds read to occur. Because print jobs can be delivered over the network to shared printer resources, the network attack vector applies, though successful exploitation depends on user action and specific environmental preconditions.
The vulnerability manifests inside the driver's print processing path. See the Canon PSIRT Advisory CP2025-005 for technical details on affected components and fixed versions.
Detection Methods for CVE-2025-7698
Indicators of Compromise
- Unexpected crashes or exceptions in Canon print driver processes such as those associated with PCL6, UFR II, LIPS4, LIPSLX, or PS spooling components
- Anomalous print spooler service (spoolsv.exe) memory access errors logged in Windows Event Viewer
- Unusual or malformed print job files arriving via network-shared printers or print servers
Detection Strategies
- Inventory endpoints and print servers to identify installed Canon driver versions and compare against the fixed versions listed in Canon's remediation guidance
- Monitor Windows print subsystem logs for parser errors, access violations, or driver-initiated exceptions during print job processing
- Alert on unexpected print jobs originating from untrusted network sources or unmanaged endpoints
Monitoring Recommendations
- Enable detailed logging on print servers and forward events to a centralized log platform for correlation
- Track process behavior of print spooler and driver host processes for anomalous memory access patterns or unexpected child processes
- Review network share access logs for repeated or scripted submissions of print jobs against printer queues
How to Mitigate CVE-2025-7698
Immediate Actions Required
- Identify all endpoints, print servers, and multifunction devices using the affected Canon Generic Plus, UFRII LT, CARPS2, Generic FAX, LIPS, PS, or PCL6 drivers
- Download and deploy the fixed driver versions published by Canon in advisory CP2025-005
- Restrict access to shared printer queues so that only authenticated, trusted users can submit print jobs
Patch Information
Canon has published remediation guidance and updated driver packages in advisory CP2025-005. Refer to Canon Vulnerability Response Information, the Canon PSIRT Advisory CP2025-005, Canon Europe Product Security Support, and the Canon USA Remediation for CP2025-005 for fixed driver versions and installation instructions.
Workarounds
- Limit exposure of print servers and printer shares to untrusted networks using firewall or segmentation controls
- Require authentication for print job submission and disable anonymous printing where feasible
- Remove or disable unused Canon driver variants on endpoints that do not require them to reduce the driver attack surface
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

