FUJIFILM Business Innovation has issued an urgent security advisory regarding a critical vulnerability affecting multiple printer models that could cause devices to freeze when processing specific network protocol packets.
The vulnerability, designated CVE-2025-48499, impacts the Internet Printing Protocol (IPP) and Line Printer Daemon (LPD) protocol processing capabilities across various DocuPrint and Apeos printer series.
Technical Details of Buffer Overflow Vulnerability
The security flaw stems from improper data validation during buffer memory operations within the printer’s protocol processing system.
According to FUJIFILM’s technical analysis, the vulnerability occurs because the existing processing logic does not adequately validate data length parameters.
When packets of specific predetermined lengths are transmitted to affected devices, the incoming data may be written beyond the designated buffer memory area, triggering a buffer overflow condition that results in system instability.
The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that malicious actors could potentially exploit this flaw to launch denial-of-service attacks against vulnerable printers.
The affected protocols—IPP, which handles modern network printing requests, and LPD, a legacy protocol still widely used in enterprise environments—represent critical communication pathways that could be targeted by attackers seeking to disrupt printing operations.
Security researchers from Beihang University’s School of Cyber Science and Technology, including Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan, discovered and responsibly disclosed this vulnerability to FUJIFILM, enabling the company to develop appropriate countermeasures.
Mitigation Strategies and Firmware Updates
FUJIFILM has released updated firmware versions addressing the vulnerability across all affected product lines.
The DocuPrint CP225w and CP228w models require firmware version 01.24.00 or later, while the CP115w, CP116w, CP118w, and CP119w series need version 01.11.00 or later.
The DocuPrint CM225fw and CM228fw multifunction devices require firmware 01.13.00 or later, and the Apeos 2150 and 2350 series need version 01.20.50 or later.
As immediate protective measures, FUJIFILM recommends deploying affected printers behind properly configured firewalls to prevent external exploitation attempts.
Organizations should prioritize firmware updates and implement network segmentation strategies to isolate printing infrastructure from potentially malicious traffic.
In cases where printers experience freezing symptoms, administrators can restore functionality through device reboots while planning systematic firmware deployment across their printer fleets.
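To plan the firmware rollout described above, the following added example (not FUJIFILM's code or part of the original article) checks a printer inventory against the minimum fixed versions listed in this article. The CSV column names (`host`, `model`, `firmware`) and the sample rows are constructed assumptions; substitute an export from your own asset inventory.

```python
import csv
import io

# Minimum fixed firmware per model, taken from the versions listed in this article.
FIXED = {
    "DocuPrint CP225w": "01.24.00", "DocuPrint CP228w": "01.24.00",
    "DocuPrint CP115w": "01.11.00", "DocuPrint CP116w": "01.11.00",
    "DocuPrint CP118w": "01.11.00", "DocuPrint CP119w": "01.11.00",
    "DocuPrint CM225fw": "01.13.00", "DocuPrint CM228fw": "01.13.00",
    "Apeos 2150": "01.20.50", "Apeos 2350": "01.20.50",
}

def parse_version(text):
    """Turn '01.24.00' into (1, 24, 0); return None if it is not dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return patched / needs-update / check-manually / not-listed for one device."""
    key = " ".join(model.lower().split())  # normalise case and spacing
    minimum = next((v for k, v in FIXED.items() if key.startswith(k.lower())), None)
    if minimum is None:
        return "not-listed"       # model is not named in the article
    current = parse_version(firmware)
    if current is None:
        return "check-manually"   # inventory holds no usable version string
    return "patched" if current >= parse_version(minimum) else "needs-update"

def audit(inventory_csv):
    """Classify every row of an inventory CSV with host, model, firmware columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["model"], r["firmware"])) for r in rows]

# Constructed sample inventory (hypothetical hosts and firmware values).
SAMPLE = """host,model,firmware
prn-01,DocuPrint CP225w,01.23.05
prn-02,DocuPrint CM228fw,01.13.00
prn-03,Apeos 2350,01.20.49
prn-04,DocuPrint CP116w,unknown
prn-05,ExamplePrinter 9000,02.00.00
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Devices reported as `needs-update` or `check-manually` are the ones to keep behind the firewall and segmentation controls until their firmware is confirmed.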