CVE-2025-2146 – Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2025-2146

25 May 2025 — Buffer overflow in WebService Authentication processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632C... • https://canon.jp/support/support-info/250127vulnerability-response • CWE-787: Out-of-bounds Write •