CVE-2025-66635
Stack-Based Buffer Overflow in SEIKO EPSON Web Config Enables Code Execution
Publication date: 2025-12-16
Last updated on: 2025-12-16
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| seiko_epson | web_config | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow an attacker with administrator access to execute arbitrary commands on the affected Epson printers. This could lead to resetting device settings, sending unauthorized network packets like Ping to other devices, or other malicious actions. It may disrupt printer functionality, compromise network security, or be used as a foothold for further attacks within the network. [1, 2]
Can you explain this vulnerability to me?
CVE-2025-66635 is a stack-based buffer overflow vulnerability in SEIKO EPSON printers' Web Config interface. It allows an authenticated user with administrator privileges to execute arbitrary code by inputting specially crafted data. This means that a logged-in user can potentially run unauthorized commands on the printer, which could affect its operation or security. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying if the SEIKO EPSON Web Config interface is accessible and if an authenticated user can input specially crafted data to trigger the vulnerability. Since the vulnerability requires logged-in access, checking for unauthorized or suspicious logins to the Web Config interface is important. Epson mentions that attackers can execute commands such as resetting device settings or sending Ping packets. Therefore, monitoring for unusual device resets or unexpected network traffic (e.g., unusual ping requests originating from printers) may help detect exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Updating the printer firmware to the latest version provided by Epson for affected models. 2) For models without planned firmware updates (e.g., UB-R04 receipt printer), apply Epson's recommended mitigation measures. 3) Set complex administrator passwords with at least 8 characters including letters, numbers, and symbols. 4) Ensure printers are not directly connected to the internet and are placed within firewall-protected networks using private IP addresses. 5) Follow Epson's Security Guidebook for recommended installation and configuration practices to enhance device security. [1, 2]