PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-63579 Kyocera CVE debrief

CVE-2025-63579 is a high-severity vulnerability affecting various Kyocera printer models, including TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, and TASKalfa 3254ci. It allows unauthorized access to export all information stored in the Kyocera address book, potentially exposing sensitive data such as passwords. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The security measure that encrypts incoming data can be bypassed with this vulnerability, enabling attackers to decrypt and obtain sensitive information.

Vendor
Kyocera
Product
TASKalfa series printers
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Organizations using affected Kyocera printer models should prioritize patching this vulnerability to prevent potential data breaches. This includes reviewing their current printer configurations, ensuring that all affected models are identified, and implementing necessary security measures to protect sensitive information. IT teams and security professionals responsible for managing these printers should take immediate action to mitigate the risk.

Technical summary

The vulnerability, with a CVSS score of 7.5, allows attackers to bypass security measures that encrypt incoming data, enabling them to decrypt and obtain sensitive information. Affected models include TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, and TASKalfa 3254ci. The vulnerability can be exploited by unauthorized parties to access and export sensitive information stored in the Kyocera address book.

Defensive priority

High

Recommended defensive actions

  • Apply vendor patches or updates for affected Kyocera printer models
  • Restrict access to printer configuration and address book data
  • Monitor printer logs for suspicious activity
  • Implement additional security measures such as network segmentation and encryption
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T19:16:57.757Z and last modified on 2026-07-10T18:50:20.507Z. The NVD entry is currently Deferred. The vulnerability affects various Kyocera printer models, allowing unauthorized access to export all information stored in the Kyocera address book. This could potentially expose sensitive data such as passwords. The security measure that encrypts incoming data can be bypassed with this vulnerability, allowing encrypted data to be decrypted. Evidence of exploitation is not currently available, but defenders should verify the integrity of their printer configurations and monitor for suspicious activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T19:16:57.757Z and has not been modified since then. The NVD entry is currently Deferred.