Canon imageCLASS MF654Cdw Printer Vulnerability CVE-2025-14233 Disclosed After Pwn2Own Exploit
A critical memory corruption vulnerability in Canon imageCLASS MF654Cdw printers, exploited at Pwn2Own, allows network-adjacent attackers to achieve remote code execution without authentication.

Canon has released a security update addressing a critical vulnerability in its imageCLASS MF654Cdw printers, designated CVE-2025-14233, which was demonstrated during the Pwn2Own hacking competition. The flaw, discovered by Team PetoWorks, carries a CVSS score of 8.8 and allows network-adjacent attackers to execute arbitrary code on affected devices without requiring authentication.
The vulnerability resides in the BJNP service, a protocol used for printing and scanning over networks. The issue stems from improper validation of user-supplied data, leading to a memory corruption condition that can be leveraged for remote code execution. Given the network-adjacent attack vector, an attacker would need to be on the same network segment as the printer, but no user interaction is required.
Canon has issued a security update to address the flaw, with details available on its product security page. The vulnerability was reported to Canon on November 11, 2025, and the coordinated public disclosure occurred on March 23, 2026. The advisory was updated on the same day.
The discovery was credited to Team PetoWorks, consisting of researchers SungJun Park, Wonbeen Im, Dohyun Kim, and Juyeong Lee, who successfully exploited the vulnerability at Pwn2Own. Pwn2Own is a renowned competition where researchers demonstrate zero-day exploits against widely used products, often leading to responsible disclosure and patching.
This vulnerability highlights the ongoing risks posed by network-connected printers, which are often overlooked in security postures. Printers can serve as entry points for lateral movement within networks, and memory corruption flaws like this one can allow attackers to gain a foothold on the device. Organizations using the Canon imageCLASS MF654Cdw are urged to apply the update promptly.
The disclosure follows a trend of printer vulnerabilities being uncovered at Pwn2Own events, emphasizing the need for manufacturers to prioritize security in embedded devices. Canon's response in issuing a patch within the coordinated disclosure timeline demonstrates a commitment to addressing such issues, but users must ensure timely deployment to mitigate risk.