CVE-2025-41393
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ricoh Company, Ltd. | Multiple laser printers and MFPs which implement Web Image Monitor | see the information provided by the vendor | affected |
| KONICA MINOLTA JAPAN, INC. | Multiple MFPs which implement Web Image Monitor | see the information provided by the vendor | affected |
Weaknesses
- CWE-79: Cross-site scripting (XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001
- https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001
- https://www.konicaminolta.jp/business/support/important/250714_01_01.html
- https://jvn.jp/en/jp/JVN20474768/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.