CPE2025-052 - Vulnerability Mitigation/Remediation for Therefore Online and On-Premises

October 21, 2025
Canon Inc.

Description:

Therefore™ has recently become aware that Therefore™ Online and On-Premises contain an account impersonation vulnerability. A malicious user may be able to impersonate the web service account, or the account of a service that uses the API, when connecting to the Therefore™ Server. If the malicious user gains this impersonated access, they could access all the documents stored in Therefore™. This impersonation would have affected the Therefore™ level only, not the operating system level.

Affected Versions:

All Therefore™ On-Premises versions.

  • For Therefore™ 2025, 2024, and 2023, a hotfix is available to install.

  • Therefore™ 2022 and earlier versions are no longer under support and thus ineligible for a hotfix. An alternative method to secure such systems is described in the Therefore knowledge base article.

Note: All Therefore™ Online systems have already been patched. No further action is required from users or administrators.

Remediation/Mitigation:

We strongly recommend patching all Therefore™ On-Premises systems, regardless of version.

  • Therefore™ Community members with Extranet access: Read the knowledge base article and follow the instructions.

  • Customers: Please contact your local Canon office or authorized reseller partner for more information.

CVE/CVSS:

CVE-2025-11843: Therefore™ Online and On-Premises contain an account impersonation issue which could potentially allow an attacker to access all the stored data.

  • CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

  • Base Score: 8.8
