FUJIFILM Printers Vulnerability Let Attackers Trigger DoS Condition
A critical security vulnerability affecting multiple FUJIFILM printer models could allow attackers to trigger denial-of-service (DoS) conditions through malicious network packets.
The vulnerability, tracked as CVE-2025-48499, was announced on August 4, 2025, and affects various DocuPrint and Apoes printer series.
Key Takeaways
1. CVE-2025-48499 allows attackers to crash FUJIFILM DocuPrint and Apeos printers.
2. Printers freeze and require manual reboot, causing operational disruptions.
3. Update firmware immediately.
Out-of-Bounds Write Vulnerability
The vulnerability stems from an out-of-bounds write condition in the printer’s buffer memory processing system, specifically when handling Internet Printing Protocol (IPP) and Line Printer Daemon (LPD) packets.
According to FUJIFILM’s security advisory, the issue occurs during the data writing process when the existing logic fails to properly validate data length parameters.
When specially crafted packets of certain lengths are received, data may be written beyond the designated buffer area, causing the printer to freeze and become unresponsive.
The vulnerability has been assigned a Common Weakness Enumeration (CWE-787) classification for out-of-bounds write conditions and carries a CVSS v3.1 score of 5.3 (Medium severity) and a CVSS v4.0 score of 6.9 (Medium severity).
The affected models include multiple DocuPrint series printers such as CP225w, CP228w, CP115w, CP118w, CP116w, CP119w, CM225fw, CM228fw, CM115w, and CM118w, as well as Apeos 2150N, 2350NDA, 2150ND, and 2150NDA models.
Each model has specific affected firmware version ranges, with the most vulnerable versions being those released before the latest security patches.
The vulnerability was discovered by security researchers Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan from Beihang University’s School of Cyber Science and Technology, highlighting the importance of academic security research in identifying enterprise vulnerabilities.
| Risk Factors | Details |
| Affected Products | DocuPrint CP225w/CP228w, CP115w/CP118w/CP116w/CP119w, CM225fw/CM228fw, CM115w/CM118w, Apeos 2150N/2350NDA/2150ND/2150NDA |
| Impact | Denial-of-Service (DoS) |
| Exploit Prerequisites | Network access to printer, no authentication required, low attack complexity, no user interaction needed |
| CVSS 3.1 Score | 5.3 (Medium) |
Mitigations
FUJIFILM has released updated firmware versions to address the vulnerability across all affected printer models.
The company recommends immediate firmware updates as the primary countermeasure, with specific fixed versions available for each printer series, ranging from version 01.11.00 to 01.24.00, depending on the model.
As temporary workarounds, FUJIFILM advises deploying affected devices behind firewalls to prevent external malicious attacks and suggests manual rebooting if printers become unresponsive.
Organizations using affected FUJIFILM printers should prioritize firmware updates and implement network segmentation to minimize potential attack vectors until patches can be deployed across their printer infrastructure.
Integrate ANY.RUN TI Lookup with your SIEM or SOAR To Analyses Advanced Threats -> Try 50 Free Trial Searches
Source link
