JVNDB-2025-000029

Multiple vulnerabilities in Quick Agent

Overview

Quick Agent, provided by SIOS Technology, Inc., is a Windows application that works with the following scan solutions for Ricoh MFPs (multifunction printers).

* Quick Scan
* Easy FAX
* Speedoc
* Smart eco FAX

Quick Agent contains multiple vulnerabilities listed below.

* Path traversal vulnerability in the file upload function (CWE-22) - CVE-2025-26692
* Path traversal vulnerability in the file download function (CWE-22) - CVE-2025-27937
* Improper access control vulnerability in a specific API (CWE-923) - CVE-2025-31144
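Both CWE-22 entries above describe the same weakness class: a file name supplied by the client is joined onto a storage directory without proving that the result stays inside it. The following is an added example, not Quick Agent's code; the root directory, function names and sample inputs are constructed for illustration. It puts the vulnerable join beside a hardened one, using Python's ntpath module so that Windows path semantics (backslashes, drive letters, UNC prefixes) apply wherever the example is run.

```python
"""Path-traversal (CWE-22) check for a Windows upload/download directory.

Added example illustrating the weakness class named in this advisory; it is
not Quick Agent's code, and the root directory below is hypothetical. ntpath
is used so Windows path semantics are applied regardless of the platform the
example runs on.
"""
import ntpath

# Hypothetical storage directory; a stand-in, not the product's real path.
UPLOAD_ROOT = r"C:\ScanData\Uploads"


def resolve_unsafe(root: str, client_name: str) -> str:
    """Vulnerable pattern: trusts the client-supplied name.

    ntpath.join discards `root` entirely when `client_name` is absolute
    (drive letter or UNC) and leaves '..' components in place, so the caller
    can be steered to read or write anywhere the service account can.
    """
    return ntpath.join(root, client_name)


def resolve_safe(root: str, client_name: str) -> str:
    """Hardened pattern: normalise first, then prove containment under root."""
    if not client_name or "\x00" in client_name:
        raise ValueError("empty name or embedded NUL")
    root_n = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_n, client_name))
    try:
        common = ntpath.commonpath([root_n, candidate])
    except ValueError as exc:
        # Raised when the paths are on different drives or one is relative,
        # e.g. client_name was 'D:secret' or '\\\\server\\share\\x'.
        raise ValueError(f"path escapes storage root: {client_name!r}") from exc
    if common != root_n or candidate == root_n:
        raise ValueError(f"path escapes storage root: {client_name!r}")
    return candidate


def is_contained(root: str, client_name: str) -> bool:
    """True if resolve_safe accepts the name, False if it rejects it."""
    try:
        resolve_safe(root, client_name)
        return True
    except ValueError:
        return False


# Constructed sample inputs: names a client could send to an upload or
# download endpoint. None of these come from the advisory.
TRAVERSAL_SAMPLES = [
    r"..\..\Windows\win.ini",                 # classic dot-dot traversal
    "../../Windows/win.ini",                  # forward slashes, normalised to backslashes
    r"C:\Windows\System32\drivers\etc\hosts", # absolute path replaces the root in join()
    r"\\attacker\share\payload.exe",          # UNC path, different "drive"
    r"sub\..\..\..\secret.txt",               # traversal that first descends
]
BENIGN_SAMPLES = [
    "scan_0001.pdf",
    r"2025-04\scan_0002.pdf",
    r"sub\..\scan_0003.pdf",                  # '..' that stays inside the root
]

if __name__ == "__main__":
    for name in TRAVERSAL_SAMPLES + BENIGN_SAMPLES:
        print(f"{name!r}")
        print(f"  unsafe join -> {resolve_unsafe(UPLOAD_ROOT, name)}")
        print(f"  hardened    -> {'accepted' if is_contained(UPLOAD_ROOT, name) else 'rejected'}")
```

The containment test is made on the normalised result rather than by scanning the input for `..`: forward slashes, absolute paths, UNC prefixes and a different drive letter all slip past a substring filter, yet all of them are caught by comparing ntpath.commonpath() against the root. For an upload endpoint that only ever needs a flat file name, rejecting anything where ntpath.basename(name) != name is a simpler and stricter rule.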

Shota Horiguchi, Takashi Yamada of MUFG Bank, Ltd. and Ruslan Sayfiev, Masahiro Murashima of GMO Cyber Security by IERAE reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity

CVSS V3 Severity:
Base Metrics 8.1 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2025-26692


CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-27937


CVSS V3 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-31144
Affected Products


SIOS Technology, Inc.
  • Quick Agent V3 versions prior to Ver3.2.1
  • Quick Agent V2 versions prior to Ver2.9.8

Impact

* A remote unauthenticated attacker may execute arbitrary code with Windows system privileges on the host where the product is running (CVE-2025-26692)
* A remote attacker who can log in to the product may obtain arbitrary files from the host where the product is running (CVE-2025-27937)
* A remote unauthenticated attacker may use the Windows host where the product is running to attempt to log in to arbitrary other hosts (CVE-2025-31144)
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.

[Apply the Workaround]
The following workaround may mitigate the impacts of these vulnerabilities.

* Use the product and the MFPs within a LAN, and block access from untrusted networks and hosts with a firewall
* When internet access is required, use a firewall, a virtual private network (VPN), or similar controls to prevent unauthorized access, and restrict internet access to the minimum necessary
Vendor Information

SIOS Technology, Inc.
CWE

  1. Path Traversal (CWE-22) [IPA Evaluation]
  2. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2025-26692
  2. CVE-2025-27937
  3. CVE-2025-31144
References

  1. JVN: JVN#82536398
Revision History

  • [2025/04/25]
      Web page was published