Chinese-market Toshiba printers face security flaw risking admin rights, but no data breach.
Toshiba Tec has confirmed a privilege escalation vulnerability in several of its digital multi-function printers sold exclusively in China.
The flaw, designated CVE-2025-49797, affects Windows applications in the e-STUDIO 300D, 301DN, and 302DNF models. Although the company stated no information leakage has occurred, attackers could potentially strip administrative privileges by replacing key files with malicious software.
Toshiba advises users to update the device software via service providers and suggests using firewalled networks and anti-malware tools as interim safeguards.
The issue was responsibly disclosed by Julian Horoszkiewicz of Poland-based cybersecurity firm Eviden.
