Canon has issued a security notice regarding a critical vulnerability found in certain printer drivers for its production printers, office/small office multifunction printers, and laser printers. The vulnerability, identified as CVE-2025-1268, is described as an out-of-bounds vulnerability that βmay prevent printing and/or potentially be able to execute arbitrary code when the print is processed by a malicious applicationβ.
The affected printer drivers include several versions of Canonβs Generic Plus drivers:
Generic Plus PCL6 Printer Driver β V3.12 and earlierGeneric Plus UFR II Printer Driver β V3.12 and earlierGeneric Plus LIPS4 Printer Driver β V3.12 and earlierGeneric Plus LIPSLX Printer Driver β V3.12 and earlierGeneric Plus PS Printer Driver β V3.12 and earlierThe specific Common Vulnerabilities and Exposures (CVE) identifier for this flaw is CVE-2025-1268. The vulnerability lies within the EMF Recode processing of these Generic Plus printer drivers. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.4, indicating its critical severity.
Canon has credited the Microsoft Offensive Research and Security Engineering Team (MORSE) for reporting this vulnerability.
Canon is taking steps to address this vulnerability by providing updated printer drivers. According to the notice, βPrinter drivers designed to address the issue will be uploaded on websites of your local Canon sales representativesβ. Canon strongly advises its customers to βinstall the latest printer drivers availableβ to mitigate the risk.