JVNVU#90649144
Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS
Overview
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English.
Products Affected
A wide range of printer drivers are affected.
For more information, please refer to the information under "Vendor Status".
Description
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English.
- Incorrect default permissions (CWE-276)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.4
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-42598
Impact
An attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.
It is assumed that a user is directed to place a crafted DLL file in a location of the attacker's choosing.
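A defender can look for the incorrect-default-permissions condition (CWE-276) by listing ACL entries that let broad, low-privileged groups write into a directory. The PowerShell function below is an added example, not code from this advisory or from the vendor; the name `Find-WeakDirectoryAcl` is hypothetical, and because the advisory does not name the affected location, the path is a placeholder the operator supplies.

```powershell
# Added example: flag Allow ACEs that give low-privileged groups write access
# to a directory. Principals are matched by SID, not by name, so the check
# behaves the same on Windows installations in any display language.
function Find-WeakDirectoryAcl {
    param(
        [Parameter(Mandatory)] [string] $Path   # directory to audit (operator-supplied)
    )

    # Well-known SIDs of broad, low-privileged groups.
    $lowPrivSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
        'S-1-5-4'      = 'INTERACTIVE'
    }

    # Rights that allow creating or replacing a file, or rewriting the ACL.
    $R = [System.Security.AccessControl.FileSystemRights]
    $specific = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                      $R::DeleteSubdirectoriesAndFiles -bor
                      $R::ChangePermissions -bor $R::TakeOwnership)
    # ACEs may also carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
    $writeMask = $specific -bor 0x40000000 -bor 0x10000000

    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        [pscustomobject]@{
            Path      = $Path
            Principal = $lowPrivSids[$sid]
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Placeholder path; replace with the directory you want to audit.
Find-WeakDirectoryAcl -Path 'C:\path\to\driver\directory'
```

No output means none of the listed groups holds a write-capable Allow entry on that directory; any row returned is a finding to review before and after applying the vendor's countermeasure.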
Solution
Apply the countermeasure tool
Based on the information provided by the developer, run the Epson Software Updater, download and install the Security vulnerability patch, download and install the Epson Printer Driver Security Support Tool, etc.
Vendor Status
Vendor | Link |
SEIKO EPSON CORPORATION | Local privilege escalation in Windows OS through installed EPSON printers installed in non-English language |
Credit
Private security researcher Erkan Ekici reported this vulnerability to the developer and coordinated with them. The developer and JPCERT/CC published their respective advisories to notify users of this vulnerability.
Other Information
CVE | CVE-2025-42598 |