Published: 2025/06/30  Last Updated: 2025/06/30

JVNVU#93850661
Pass-Back Attack vulnerability in Konica Minolta bizhub series

Overview

A vulnerability that could allow a Pass-Back Attack has been reported in the Konica Minolta bizhub series.

Products Affected

A wide range of products and versions are affected.
For more information, refer to the "Vendor Status" section below.

Description

The Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.

  • Vulnerability that could allow a Pass-Back Attack (CWE-522)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.9
    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Base Score: 6.8
    • CVE-2025-6081

Impact

When an affected device is configured to communicate with an external system (e.g., LDAP server), an administrative user may obtain the credential information of that external system by directing the device to send the credential information in plain text form.
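
The check below is an added example, not part of the advisory or of any Konica Minolta tooling. It compares two snapshots of a device's external-service settings and flags the conditions the impact statement describes: a stored credential that would be sent without TLS, or to a destination that changed or is not approved. It generalizes from LDAP to any external service, and the record layout, field names, hosts and allowlist are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed allowlist of servers the devices are expected to authenticate to.
APPROVED_HOSTS = {"ldap": {"ldap01.corp.example"}, "smtp": {"mail.corp.example"}}

@dataclass(frozen=True)
class ServiceSetting:
    # Hypothetical record layout, not a vendor export format.
    host: str
    port: int
    tls: bool
    stored_credential: bool  # device holds a bind/login password for this service

def audit(before, after, approved=APPROVED_HOSTS):
    """Return (service, reason) findings for the settings in `after`."""
    findings = []
    for service, new in after.items():
        if not new.stored_credential:
            continue  # no stored secret for the device to hand over
        if new.host not in approved.get(service, set()):
            findings.append((service, "destination not on approved list"))
        if not new.tls:
            findings.append((service, "stored credential sent without TLS"))
        old = before.get(service)
        if old and old.stored_credential and \
                (old.host, old.port, old.tls) != (new.host, new.port, new.tls):
            findings.append((service, "endpoint changed while stored credential kept"))
    return findings

# Constructed snapshots: the LDAP endpoint is repointed and TLS is turned off,
# while the stored bind credential is left in place.
BEFORE = {
    "ldap": ServiceSetting("ldap01.corp.example", 636, True, True),
    "smtp": ServiceSetting("mail.corp.example", 587, True, True),
}
AFTER = {
    "ldap": ServiceSetting("192.0.2.50", 389, False, True),
    "smtp": ServiceSetting("mail.corp.example", 587, True, True),
}

if __name__ == "__main__":
    for service, reason in audit(BEFORE, AFTER):
        print(f"{service}: {reason}")
```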

Solution

Apply the workarounds
The developer provides workarounds.
For more information, refer to the "Vendor Status" section below.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Konica Minolta, Inc. | Vulnerable | 2025/06/30 | Konica Minolta, Inc. website

Credit

Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
