ZDI 2026-03-16

ZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-14231

Machine-generated analysis · WAYSCloud LLM

The vulnerability affects Canon imageCLASS MF654Cdw printers and involves a heap-based buffer overflow in XML SOAP request parsing.

Context

The Canon imageCLASS MF654Cdw printer is affected by a vulnerability in its handling of XML SOAP requests. The issue is a heap-based buffer overflow that can be triggered remotely without authentication. The advisory notes the vulnerability can allow arbitrary code execution by network-adjacent attackers. Worth noting is that the vulnerability was disclosed as part of the Pwn2Own competition.

Operator considerations

Check: Identify Canon imageCLASS MF654Cdw printers on the network that process XML SOAP requests.

From Zero Day Initiative ↗

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-14231.

Read the full advisory on ZDI →