Notification of vulnerability in IPP and LPD protocol processing for FUJIFILM printers
August 4, 2025
Dear Customers,
We would like to thank you for your continuous support to FUJIFILM products. We have confirmed a vulnerability that may cause some FUJIFILM printers to freeze when processing some specific IPP and LPD protocol packets.
Please refer to the description below for further details and consider applying the fixed firmware.
Description
The printer may freeze when some specific IPP and LPD protocol packets are processed.
The issue arises during data writing process in the buffer memory on the printer. There is a possibility of failing to validate the length of the data in the existing logic. When data of certain length is received, the data may be written beyond the specified buffer area. (CVE-2025-48499)
Countermeasure
Please update the firmware to the fixed version.
Workarounds
Please use devices inside the firewall to avoid malicious attacks.
If your printer freezes, please reboot it.
Related Information
Acknowledgements
We would like to express our gratitude to Jia-Ju Bai, Rui-Nan Hu, Dong Zhang, and Zhen-Yu Guan, from the School of Cyber Science and Technology of Beihang University for the finding of the vulnerability.
Contact
Please visit FUJIFILM Business Innovation support website to find for more details:
https://support-fb.fujifilm.com/
Affected Models and Versions and Fixed Firmware Versions
| Affected models | Affected firmware versions | Fixed firmware versions |
|---|---|---|
| DocuPrint CP225 w DocuPrint CP228 w |
01.23.02 or earlier | 01.24.00 or later |
| DocuPrint CP115 w DocuPrint CP118 w |
01.09.00 or earlier | 01.11.00 or later |
| DocuPrint CP116 w DocuPrint CP119 w |
01.09.00 or earlier | 01.11.00 or later |
| DocuPrint CM225fw DocuPrint CM228fw |
01.12.02 or earlier | 01.13.00 or later |
| DocuPrint CM115 w DocuPrint CM118 w |
01.09.01 or earlier | 01.11.00 or later |
| Apeos 2150 N Apeos 2350 NDA Apeos 2150 ND Apeos 2150 NDA |
01.00.47 or earlier | 01.20.50 or later |