Toshiba Tec has confirmed that some China-only devices are affected by a software flaw that puts administrative privileges at risk of compromise.
Toshiba Tec has disclosed a security vulnerability in a Windows application used in select digital multi-function peripherals sold exclusively in China. The vulnerability, registered as CVE-2025-49797, could allow administrative privileges to be compromised if malicious files replace legitimate ones during software use or installation.
The affected models—e-STUDIO 300D, 301DN and 302DNF—are limited to the Chinese market. Toshiba Tec stated the vulnerability does not result in data leakage but urged users to update their device software via authorised service providers.
As a temporary safeguard, users are advised to operate devices within firewall-protected environments and deploy robust antivirus measures. The vulnerability was reported by Julian Horoszkiewicz of Eviden, Poland.
Toshiba Tec has not confirmed how many units are affected or whether any exploitation has occurred.