CPE2025-052 - Vulnerability Mitigation/Remediation for Therefore Online and On-Premises

October 31, 2025
Canon Inc.

Description:

Therefore Corporation GmbH has recently become aware that Therefore™ Online and On-Premises contain an account impersonation vulnerability. A malicious user may be able to impersonate the web service account, or the account of a service using the API, when connecting to the Therefore™ Server. A malicious user who gains this impersonated access can then access the documents stored in Therefore™. The impersonation is at the application level (Therefore access level), not the operating system level.

Affected Versions:

All Therefore™ Online and On-Premises versions.

Remediation / Mitigation:

For Therefore™ Online systems, customer systems have already been patched. No further action is required from users or administrators.

For Therefore™ On-Premises systems, a hotfix is available to install. We strongly recommend patching all Therefore™ On-Premises systems, regardless of version. Customers should contact their local Canon office or authorized reseller partner for more information.

CVE / CVSS:

CVE-2025-11843: Therefore™ Online and On-Premises contain an account impersonation issue, which could potentially allow an attacker to access all the stored data.

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Base Score: 8.8
