CVE-2025-48499 - Vulnerability Details - OpenCVE

Description

Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.

Published: 2025-08-04

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

FUJIFILM Business Innovation Corp.

DocuPrint CP225 w

affected

Version	Status	Constraints
`01.23.02 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CP228 w

affected

Version	Status	Constraints
`01.23.02 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CP115 w

affected

Version	Status	Constraints
`01.09.00 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CP118 w

affected

Version	Status	Constraints
`01.09.00 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CP116 w

affected

Version	Status	Constraints
`01.09.00 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CP119 w

affected

Version	Status	Constraints
`01.09.00 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CM225 fw

affected

Version	Status	Constraints
`01.12.02 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CM228 fw

affected

Version	Status	Constraints
`01.12.02 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CM115 w

affected

Version	Status	Constraints
`01.09.01 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

DocuPrint CM118 w

affected

Version	Status	Constraints
`01.09.01 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

Apoes 2150 N

affected

Version	Status	Constraints
`01.00.47 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

Apoes 2350 NDA

affected

Version	Status	Constraints
`01.00.47 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

Apoes 2150 ND

affected

Version	Status	Constraints
`01.00.47 and earlier`	affected	—

FUJIFILM Business Innovation Corp.

Apoes 2150 NDA

affected

Version	Status	Constraints
`01.00.47 and earlier`	affected	—

No data.

No data.

Vendor	Product	Confidence	Versions
Fujifilm	Apeos 2150	—	—
Fujifilm	Apeos 2350	—	—
Fujifilm	Docuprint M115 W	—	—
Fujifilm	Docuprint M118 W	—	—
Fujifilm	Docuprint M225 Fw	—	—
Fujifilm	Docuprint M228 Fw	—	—
Fujifilm	Docuprint P115 W	—	—
Fujifilm	Docuprint P116 W	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-23486	Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0009.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://jvn.jp/en/vu/JVNVU93897456/
https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html

History

Thu, 07 Aug 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 05 Aug 2025 11:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fujifilm Fujifilm apeos 2150 Fujifilm apeos 2350 Fujifilm docuprint M115 W Fujifilm docuprint M118 W Fujifilm docuprint M225 Fw Fujifilm docuprint M228 Fw Fujifilm docuprint P115 W Fujifilm docuprint P116 W
Vendors & Products		Fujifilm Fujifilm apeos 2150 Fujifilm apeos 2350 Fujifilm docuprint M115 W Fujifilm docuprint M118 W Fujifilm docuprint M225 Fw Fujifilm docuprint M228 Fw Fujifilm docuprint P115 W Fujifilm docuprint P116 W

Mon, 04 Aug 2025 05:30:00 +0000

Type	Values Removed	Values Added
Description		Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.
Weaknesses		CWE-787
References		https://jvn.jp/en/vu/JVNVU93897456/ https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

Subscriptions

Fujifilm Apeos 2150 Apeos 2350 Docuprint M115 W Docuprint M118 W Docuprint M225 Fw Docuprint M228 Fw Docuprint P115 W Docuprint P116 W

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2025-08-04T05:17:01.537Z

Updated: 2025-08-07T16:05:44.214Z

Reserved: 2025-07-14T05:09:53.900Z

Link: CVE-2025-48499

Vulnrichment

Updated: 2025-08-04T16:39:59.897Z

NVD

Status : Deferred

Published: 2025-08-04T06:15:30.377

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-48499

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-05T11:38:58Z

Weaknesses

CWE-787

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48499", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-07-14T05:09:53.900Z", "datePublished": "2025-08-04T05:17:01.537Z", "dateUpdated": "2025-08-07T16:05:44.214Z"}, "containers": {"cna": {"affected": [{"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP225 w", "versions": [{"version": "01.23.02 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP228 w", "versions": [{"version": "01.23.02 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP115 w", "versions": [{"version": "01.09.00 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP118 w", "versions": [{"version": "01.09.00 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP116 w", "versions": [{"version": "01.09.00 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP119 w", "versions": [{"version": "01.09.00 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM225 fw", "versions": [{"version": "01.12.02 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM228 fw", "versions": [{"version": "01.12.02 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM115 w", "versions": [{"version": "01.09.01 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM118 w", "versions": [{"version": "01.09.01 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2150 N", "versions": [{"version": "01.00.47 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2350 NDA", "versions": [{"version": "01.00.47 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2150 ND", "versions": [{"version": "01.00.47 and earlier", "status": "affected"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2150 NDA", "versions": [{"version": "01.00.47 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Write", "lang": "en-US", "cweId": "CWE-787", "type": "CWE"}]}], "references": [{"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93897456/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-08-04T05:17:01.537Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-04T16:39:52.400612Z", "id": "CVE-2025-48499", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-07T16:05:44.214Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-04T16:39:52.400612Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-04T16:39:59.897Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP225 w", "versions": [{"status": "affected", "version": "01.23.02 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP228 w", "versions": [{"status": "affected", "version": "01.23.02 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP115 w", "versions": [{"status": "affected", "version": "01.09.00 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP118 w", "versions": [{"status": "affected", "version": "01.09.00 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP116 w", "versions": [{"status": "affected", "version": "01.09.00 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CP119 w", "versions": [{"status": "affected", "version": "01.09.00 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM225 fw", "versions": [{"status": "affected", "version": "01.12.02 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM228 fw", "versions": [{"status": "affected", "version": "01.12.02 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM115 w", "versions": [{"status": "affected", "version": "01.09.01 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "DocuPrint CM118 w", "versions": [{"status": "affected", "version": "01.09.01 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2150 N", "versions": [{"status": "affected", "version": "01.00.47 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2350 NDA", "versions": [{"status": "affected", "version": "01.00.47 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2150 ND", "versions": [{"status": "affected", "version": "01.00.47 and earlier"}]}, {"vendor": "FUJIFILM Business Innovation Corp.", "product": "Apoes 2150 NDA", "versions": [{"status": "affected", "version": "01.00.47 and earlier"}]}], "references": [{"url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html"}, {"url": "https://jvn.jp/en/vu/JVNVU93897456/"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-08-04T05:17:01.537Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48499", "state": "PUBLISHED", "dateUpdated": "2025-08-07T16:05:44.214Z", "dateReserved": "2025-07-14T05:09:53.900Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-08-04T05:17:01.537Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition."}, {"lang": "es", "value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en FUJIFILM Business Innovation MFPs. Un paquete IPP (Internet Printing Protocol) o LPD (Line Printer Daemon) especialmente manipulado puede causar una denegaci\u00f3n de servicio (DoS) en una impresora multifunci\u00f3n afectada. Es necesario reiniciar la impresora multifunci\u00f3n para recuperarse de la denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2025-48499", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-08-04T06:15:30.377", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/vu/JVNVU93897456/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.fujifilm.com/fbglobal/eng/company/news/notice/2025/0804_announce.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}