/Contact-Support/Product-Advisories/2025-May-19-SMTP-PassbackVulnerabilityRemediation.html

Service Notice: Vulnerability Mitigation/Remediation for Production Printers, Office/Small Office Multifunction Printers and Laser Printers

 

Description:

A passback vulnerability was found in production printers, office/small office multifunction printers and laser printers. This vulnerability could allow an attacker, if they obtain administrative privileges on the product, to acquire authentication information such as SMTP/LDAP connections configured in the product.

 

Affected Products:

  • imageRUNNER ADVANCE Series
  • imageRUNNER Series
  • imagePRESS V Series
  • imagePRESS Series
  • imageCLASS Series
  • i-sensys Series
  • Satera Series

 

CVE/CVSS:

CVE-2025-3078:

A passback vulnerability of production printers and office multifunction printers

CCVSS v4

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N Base Score: 6.3

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Base Score: 8.7

 

CVE-2025-3079:

A passback vulnerability of office/small office multifunction printers and laser printers

CCVSS v4

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N Base Score: 6.3

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N Base Score: 8.7

 

Remediation:

We advise our customers to follow the below hardening guides:

  • It is not recommended that a product is connected directly to the internet. When connecting to the internet, use a private IP address in an environment where the internet can be accessed from a secure private network built with firewall products, wired routers or Wi-Fi routers.
  • Change the product’s default password to a new password. - Set up administrator and general users IDs and passwords.
  • Ensure that passwords and other similar settings for various functions are sufficiently difficult to guess.
  • If the product has authentication functions, use them to confirm the end-user identity who uses the product.
  • If the product has multi-factor authentication functions, use them to confirm the end-user identity who uses the product.
  • Be aware of physical security needs, including those related to the location of the product etc.

 

Please refer here for more information on securing products when connecting to a network.

 

In addition to the above measures, certain products have enhanced security features. The information on the relevant products is uploaded on the website of your local Canon sales representatives.

 

Update History:

  • 2025-05-19: Created