2025: Security Advisory: Canon UFR Driver Vulnerability

Summary

As stated on the Canon website, Canon printer drivers before version 3.15 have a buffer overflow vulnerability.

These Canon Drivers can optionally be distributed as part of the SmartClient Installer Packages within uniFLOW Online.

Advisory release date

Mar 28, 2025

Product

uniFLOW Online

CVE

CVE-2025-1268

Summary of Vulnerability

An out-of-bounds vulnerability was found in certain printer drivers for production printers, office/small office multifunction printers and laser printers. It may prevent printing and/or potentially allow arbitrary code execution when the print is processed by a malicious application.

For further information please also see: CP2025-003 Vulnerability Remediation for Certain Printer Drivers for Production Printers, Office/Small Office Multifunction Printers and Laser Printers - Canon PSIRT

Severity

CVSS v3    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L    Base Score: 9.4

Affected Versions

Product: uniFLOW Online

Affected versions:

  • Releases up to and including 2025.1.1

    • 12th March 2025

Fixed Versions

Product: uniFLOW Online

Fix versions:

  • The 2025.1.2 release

    • 3rd April 2025

What You Need to Do

To check whether you are impacted by this vulnerability, follow the procedure below.

  1. Browse to your uniFLOW Online tenant’s web interface.

  2. Log in with a user that has Administrator rights.

  3. Click the profile icon in the top right of the screen, next to your display name.

  4. Select Advanced for Administrator view, then click Save.

  5. Browse to Extensions > uniFLOW SmartClient > Installer configuration and creation > Manage Installers.

  6. Select each SmartClient Package (ignoring the Mac SmartClient Packages).

  7. Check if any of the following are set:

    a. Printer Driver: Canon Generic Plus UFR II Printer Driver

    b. Printer Driver: Canon Generic Plus GPLX Printer Driver

    c. Canon PDF Driver: Enable Canon PDF Driver = Checked

If any of a, b or c is true, then you will need to follow the steps in the Mitigation section.

If a, b and c are all false, then you do not need to do anything.

Mitigation

uniFLOW Online 2025.1.2 (3rd April) is updated with the latest drivers from Canon, which are not subject to the vulnerability.

  1. Browse to Extensions > uniFLOW SmartClient > Installer configuration and creation > Manage Installers.

    1. For each line that has the ‘Update Available’ status:

      1. Select and double-click the line to open the settings tabs.

      2. Select the ‘Configure Installer’ tab.

      3. Click the ‘Update Installer’ button.

      4. The Updating uniFLOW SmartClient Installer dialogue is displayed.

      5. Click ‘update now’.

      6. When it has finished re-creating the installer, select the ‘Installer versions’ tab.

      7. Select the latest one at the top of the list.

      8. Select the … button to the right of the row.

      9. Either:

        1. ‘Publish’ the new installer.

          1. If you use automatic updates, the driver will be updated on the client PCs automatically.

          2. Or, if this package is ‘Shown on the Start printing page’, users can download the updated SmartClient Installer Package from the uniFLOW Online Start Printing Page.

        2. ‘Download’ the new installer and roll it out via your preferred software distribution method.

Support

If you have further questions, please contact your Canon / Canon Business Partner representative.