[Japanese]

JVNDB-2025-007607

Pass-Back Attack vulnerability in Konica Minorta bizhub series

Overview

Konica Minorta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.



  • Vulnerability that could allow a Pass-Back Attack (CWE-522) - CVE-2025-6081



Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.8 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


KONICA MINOLTA, INC.
  • (multiple product)

A wide range of products and versions are affected. For more information, refer to "Vendor Status" section below.
Impact

When an affected device is configured to communicate with an external system (e.g., LDAP server), an administrative user may obtain the credential information of that external system by directing the device to send the credential information in plain text form.
Solution

[Apply the workarounds]
The developer provides workarounds.
For more information, refer to "Vendor Status" section below.
Vendor Information

KONICA MINOLTA, INC.
CWE (What is CWE?)

  1. Insufficiently Protected Credentials(CWE-522) [Other]
CVE (What is CVE?)

  1. CVE-2025-6081
References

  1. JVN : JVNVU#93850661
Revision History

  • [2025/07/01]
      Web page was published