JVNDB-2025-007595

Multiple vulnerabilities in Web Connection of Konica Minolta MFPs

Overview

Multiple MFPs (multifunction printers) provided by Konica Minolta, Inc. contain multiple vulnerabilities listed below.

  • Cross-site scripting (CWE-79) - CVE-2025-5884

  • Cross-site request forgery (CWE-352) - CVE-2025-5885



Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

CVSS Severity

CVSS V3 Severity:
Base Metrics 4.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-5885


CVSS V3 Severity:
Base Metrics 3.5 (Low) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-5884

Affected Products


KONICA MINOLTA, INC.
  • bizhub 227 firmware all versions
  • bizhub 287 firmware all versions
  • bizhub 308 firmware all versions
  • bizhub 308e firmware all versions
  • bizhub 367 firmware all versions
  • bizhub 368 firmware all versions
  • bizhub 368e firmware all versions
  • bizhub 4052 firmware all versions
  • bizhub 458 firmware all versions
  • bizhub 458e firmware all versions
  • bizhub 4752 firmware all versions
  • bizhub 558 firmware all versions
  • bizhub 558e firmware all versions
  • bizhub 658e firmware all versions
  • bizhub 758 firmware all versions
  • bizhub 808 firmware all versions
  • bizhub 958 firmware all versions
  • bizhub C227 firmware all versions
  • bizhub C258 firmware all versions
  • bizhub C287 firmware all versions
  • bizhub C308 firmware all versions
  • bizhub C3351 firmware all versions
  • bizhub C368 firmware all versions
  • bizhub C3851 firmware all versions
  • bizhub C3851FS firmware all versions
  • bizhub C458 firmware all versions
  • bizhub C558 firmware all versions
  • bizhub C658 firmware all versions
  • bizhub C659 firmware all versions
  • bizhub C759 firmware all versions

Impact


  • An arbitrary script may be executed on the web browser of the user who logged in to Web Connection (CVE-2025-5884)

  • If a user accesses a specially crafted URL while logged in to Web Connection, unintended operations may be performed (CVE-2025-5885)


Solution

[Apply the workaround]
The developer recommends applying the workaround to mitigate the impact of these vulnerabilities.
For more details, refer to the information provided by the developer.

Vendor Information

KONICA MINOLTA, INC.

CWE

  1. Cross-Site Request Forgery (CWE-352) [Other]
  2. Cross-site Scripting (CWE-79) [Other]

CVE

  1. CVE-2025-5884
  2. CVE-2025-5885

References

  1. JVN : JVNVU#95470660

Revision History

  • [2025/07/01]
      Web page was published