JVNDB-2026-002119

Multiple vulnerabilities in BROTHER MFPs (multifunction printers)

Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities listed below.

• Improper certificate validation (CWE-295) - CVE-2025-53869
• Hidden Functionality (CWE-912) - CVE-2025-55704

Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer.
JPCERT/CC coordinated between the reporter and the developer.

As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

KONICA MINOLTA, INC.

• (Multiple Products)

Brother Industries

• (Multiple Products)

Ricoh Co., Ltd

• (multiple product)

• The set of root certificates used by the product may be replaced with a set of arbitrary certificates by a man-in-the-middle attack (CVE-2025-53869)
• An attacker may obtain the logs of the affected product and obtain sensitive information within the logs (CVE-2025-55704)

[Update the firmware]
Apply the appropriate firmware update according to the information provided by the respective vendors.
For the details of the updates, refer to the information provided by the respective vendors listed on [Vendor Status] section.

KONICA MINOLTA, INC.

• JVN : Information from Konica Minolta, Inc.
• Konica Minolta, Inc. : Konica Minolta, Inc. website

Brother Industries

• Brother Industries, Ltd. : Brother Industries, Ltd. website (in Japanese)
• JVN : Information from Brother Industries, Ltd.

Ricoh Co., Ltd

• JVN : Information from Ricoh Company, Ltd.
• Ricoh Co., Ltd. : Ricoh Company, Ltd. website

1. Improper Certificate Validation(CWE-295) [Other]
2. Hidden Functionality(CWE-912) [Other]

1. CVE-2025-53869
2. CVE-2025-55704

1. JVN : JVNVU#92878805

• [2026/01/30]
    Web page was published