By rssfeeds-admin The vulnerabilities, identified as CVE-2025-3078 and CVE-2025-3079, enable malicious actors to extract sensitive authentication information from compromised devices, potentially leading to broader network infiltration.
The passback vulnerabilities impact multiple product lines, including the imageRUNNER ADVANCE Series, imageRUNNER Series, imagePRESS V Series, imageCLASS Series, i-SENSYS Series, and Satera Series.
High-Severity Canon Vulnerabilities
These vulnerabilities carry a CVSS v3.1 base score of 8.7, classified as high severity, with the attack vector designated as CVSS:3.1.
The vulnerabilities represent a significant security concern as they affect Canon’s entire enterprise printing ecosystem.
CVE-2025-3078 specifically targets production printers and office multifunction printers, while CVE-2025-3079 focuses on office/small office multifunction printers and laser printers.
Security researchers have noted that these passback vulnerabilities allow attackers with administrative privileges to redirect device authentication attempts to malicious servers under their control.
The core vulnerability mechanism involves insufficiently protected credentials (CWE-522), where Canon devices transmit authentication information for external services without adequate protection.
SMTP and LDAP Credential Extraction Methods
When exploited, these flaws enable attackers to acquire SMTP/LDAP connection credentials configured within the affected products.
Passback attacks leverage the trust relationships between multifunction peripherals (MFPs) and critical network services.
In a typical exploitation scenario, an attacker with administrative access modifies the LDAP server IP address in the device configuration, redirecting authentication requests to a rogue server capable of capturing credentials in plaintext.
This technique has been documented extensively in penetration testing methodologies, where attackers reconfigure devices to send LDAP queries to attacker-controlled systems listening on port 389.
The vulnerability’s EPSS (Exploit Prediction Scoring System) score of 0.03% indicates a relatively low probability of exploitation in the next 30 days, though security experts warn that the technique’s simplicity makes it attractive to threat actors.
The attack requires high-level privileges (PR:H) but can be executed remotely over the network (AV:N) with low attack complexity (AC:L).
| CVEs | Affected Products | Impact | Exploit Prerequisites | CVSS 3.1 Score |
| CVE-2025-3078 | imageRUNNER ADVANCE Series, imageRUNNER Series, imagePRESS V Series, imagePRESS Series | Allows attackers with administrative privileges to extract SMTP/LDAP credentials, enabling lateral network movement | Administrative access (PR:H) required | 8.7 (HIGH) |
| CVE-2025-3079 | imageCLASS Series, i-SENSYS Series, Satera Series, office/small office laser printers | Compromises authentication data integrity/confidentiality via passback attacks on multifunction printers | Network access + administrative privileges | 8.7 (HIGH) |
Mitigation Strategies
Canon has provided comprehensive mitigation guidelines while firmware patches remain under development.
The company strongly advises against connecting devices directly to public internet networks, recommending instead the use of private IP addresses within secure network environments protected by firewalls, routers, or Wi-Fi routers.
Critical security measures include changing default passwords to strong, unique credentials and implementing robust administrator and general user authentication.
Organizations should enable multi-factor authentication (MFA) where supported and ensure all administrative settings use sufficiently complex passwords resistant to brute-force attacks.
Physical security considerations are equally important, as attackers often exploit default credentials on unattended devices. Canon recommends consulting their product hardening guide at psirt.canon/hardening for comprehensive network security practices.
Additionally, organizations should implement network segmentation to isolate printing infrastructure and monitor device access logs for suspicious authentication attempts.
The advisory emphasizes that Vercel-hosted Next.js deployments receive automatic protection, though self-hosted applications remain vulnerable until proper mitigation measures are implemented.
Security teams are encouraged to conduct immediate audits of their Canon printer deployments and implement the recommended security controls to prevent potential credential theft and lateral movement within their networks.
Equip your SOC team with deep threat analysis for faster response -> Get Extra Sandbox Licenses for Free
The post Exploitable Vulnerabilities in Canon Printers Allow Attackers to Gain Admin Privileges appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.