CVE-2025-66635
Unknown Unknown - Not Provided
Stack-Based Buffer Overflow in SEIKO EPSON Web Config Enables Code Execution

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: JPCERT/CC

Description
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under [References].
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-16
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66635
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
seiko_epson web_config *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow an attacker with administrator access to execute arbitrary commands on the affected Epson printers. This could lead to resetting device settings, sending unauthorized network packets like Ping to other devices, or other malicious actions. It may disrupt printer functionality, compromise network security, or be used as a foothold for further attacks within the network. [1, 2]

Executive Summary

CVE-2025-66635 is a stack-based buffer overflow vulnerability in SEIKO EPSON printers' Web Config interface. It allows an authenticated user with administrator privileges to execute arbitrary code by inputting specially crafted data. This means that a logged-in user can potentially run unauthorized commands on the printer, which could affect its operation or security. [1, 2]

Detection Guidance

Detection involves verifying if the SEIKO EPSON Web Config interface is accessible and if an authenticated user can input specially crafted data to trigger the vulnerability. Since the vulnerability requires logged-in access, checking for unauthorized or suspicious logins to the Web Config interface is important. Epson mentions that attackers can execute commands such as resetting device settings or sending Ping packets. Therefore, monitoring for unusual device resets or unexpected network traffic (e.g., unusual ping requests originating from printers) may help detect exploitation attempts. Specific commands are not provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Updating the printer firmware to the latest version provided by Epson for affected models. 2) For models without planned firmware updates (e.g., UB-R04 receipt printer), apply Epson's recommended mitigation measures. 3) Set complex administrator passwords with at least 8 characters including letters, numbers, and symbols. 4) Ensure printers are not directly connected to the internet and are placed within firewall-protected networks using private IP addresses. 5) Follow Epson's Security Guidebook for recommended installation and configuration practices to enhance device security. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66635. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart