CVE-2025-58422

Summary

RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product’s management tool.

Affected Software

VendorProductVersion RangeStatus
Ricoh Company, Ltd.RICOH Streamline NXversions 3.5.1 to 24R3affected

Weaknesses

  • CWE-348: Use of less trusted source

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References