A vulnerability in FUJIFILM printers could allow attackers to initiate a Denial of Service (DoS) condition.

A critical security vulnerability, tracked as CVE-2025-48499, has been identified in multiple FUJIFILM printer models, including various DocuPrint and Apeos series. This vulnerability allows attackers to trigger denial-of-service (DoS) conditions by sending malicious network packets, resulting in printers freezing and requiring manual rebooting. The issue arises from an out-of-bounds write condition in the printer’s buffer memory processing system, particularly when handling Internet Printing Protocol (IPP) and Line Printer Daemon (LPD) packets. The vulnerability has been classified under Common Weakness Enumeration (CWE-787) and carries a CVSS v3.1 score of 5.3, indicating medium severity. Affected models include the DocuPrint CP225w, CP228w, CP115w, CP118w, CP116w, CP119w, CM225fw, CM228fw, CM115w, CM118w, and the Apeos 2150N, 2350NDA, 2150ND, and 2150NDA.

FUJIFILM has urged organisations to update their printer firmware immediately to mitigate the risks associated with this vulnerability. Specific firmware versions addressing the issue range from 01.11.00 to 01.24.00, depending on the model. As a temporary measure, FUJIFILM recommends deploying affected devices behind firewalls to prevent external attacks and suggests manual rebooting if printers become unresponsive. The vulnerability was discovered by researchers from Beihang University’s School of Cyber Science and Technology, underscoring the importance of academic research in identifying enterprise vulnerabilities. Organisations using affected FUJIFILM printers should prioritise firmware updates to ensure operational continuity and security.