JVNDB-2025-007595
|
Multiple vulnerabilities in Web Connection of Konica Minolta MFPs
|
Multiple MFPs (multifunction printers) provided by Konica Minolta, Inc. contain the vulnerabilities listed below.
- Cross-site scripting (CWE-79) - CVE-2025-5884
- Cross-site request forgery (CWE-352) - CVE-2025-5885
Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
|
CVSS V3 Severity: Base Metrics 4.3 (Medium) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-5885.
|
CVSS V3 Severity: Base Metrics 3.5 (Low) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-5884.
|
|
KONICA MINOLTA, INC.
- bizhub 227 firmware all versions
- bizhub 287 firmware all versions
- bizhub 308 firmware all versions
- bizhub 308e firmware all versions
- bizhub 367 firmware all versions
- bizhub 368 firmware all versions
- bizhub 368e firmware all versions
- bizhub 4052 firmware all versions
- bizhub 458 firmware all versions
- bizhub 458e firmware all versions
- bizhub 4752 firmware all versions
- bizhub 558 firmware all versions
- bizhub 558e firmware all versions
- bizhub 658e firmware all versions
- bizhub 758 firmware all versions
- bizhub 808 firmware all versions
- bizhub 958 firmware all versions
- bizhub C227 firmware all versions
- bizhub C258 firmware all versions
- bizhub C287 firmware all versions
- bizhub C308 firmware all versions
- bizhub C3351 firmware all versions
- bizhub C368 firmware all versions
- bizhub C3851 firmware all versions
- bizhub C3851FS firmware all versions
- bizhub C458 firmware all versions
- bizhub C558 firmware all versions
- bizhub C658 firmware all versions
- bizhub C659 firmware all versions
- bizhub C759 firmware all versions
|
|
- An arbitrary script may be executed in the web browser of a user who is logged in to Web Connection (CVE-2025-5884)
- If a user accesses a specially crafted URL while logged in to Web Connection, unintended operations may be performed (CVE-2025-5885)
|
[Apply the workaround]
The developer recommends applying the workaround to mitigate the impact of these vulnerabilities.
For more details, refer to the information provided by the developer.
|
KONICA MINOLTA, INC.
|
- Cross-Site Request Forgery (CWE-352) [Other]
- Cross-site Scripting (CWE-79) [Other]
|
- CVE-2025-5884
- CVE-2025-5885
|
- JVN : JVNVU#95470660
|
- [2025/07/01] Web page was published
|