JVNVU#99295063: Brother iPrint＆Scan contains vulnerable .NET 8.0 components

Overview

Brother iPrint＆Scan contains vulnerable .NET 8.0 components.

Products Affected

Brother iPrint＆Scan, versions 12.0.1.1 to 14.0.3.3

Description

Brother iPrint＆Scan includes .NET 8.0 components, and those components contain the following vulnerabilities.

Weak authentication (CWE-1390)
- CVE-2025-24070
Allocation of resources without limits or throttling (CWE-770)
- CVE-2025-26682
External control of file name or path (CWE-73)
- CVE-2025-26646
Untrusted search path (CWE-426)
- CVE-2025-30399

Impact

Privilege escalation, DoS attack, spoofing attack, or code execution may be possible.
For details, refer to the information provided by the developer.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Status	Last Update	Vendor Notes
Brother Industries, Ltd.	Vulnerable	2025/12/11	Brother Industries, Ltd. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Brother Industries, Ltd. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#99295063 Brother iPrint＆Scan contains vulnerable .NET 8.0 components