CVE-2025-42598
HIGH
SEIKO EPSON printer drivers for Windows OS - Unauthenticated Arbitrary Code Execution via DLL Placement
Title source: llm
Description
Multiple SEIKO EPSON printer drivers for Windows OS are configured with improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed.
References (4)
Core References
Third Party Advisory
https://jvn.jp/en/vu/JVNVU90649144/
Various Sources
https://www.epson.co.uk/en_GB/faq/KA-01993/contents?loc=en-us
Various Sources
https://www.epson.jp/support/misc_t/250428_oshirase.htm
Various Sources
https://www2.epson.jp/support/misc_t/windrv_productlist.pdf
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
5.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-276
Status
published
Products (1)
SEIKO EPSON CORPORATION/SEIKO EPSON printer drivers for Windows OS
see the information provided by SEIKO EPSON CORPORATION.
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026