JVNVU#93850661
Pass-Back Attack vulnerability in Konica Minorta bizhub series
Overview
A Vulnerability that could allow a Pass-Back Attack is reported in the Konica Minorta bizhub series.
Products Affected
A wide range of products and versions are affected.
For more information, refer to "Vendor Status" section below.
Description
Konica Minorta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.
- Vulnerability that could allow a Pass-Back Attack (CWE-522)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score: 6.9
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Base Score: 6.8
- CVE-2025-6081
Impact
When an affected device is configured to communicate with an external system (e.g., LDAP server), an administrative user may obtain the credential information of that external system by directing the device to send the credential information in plain text form.
Solution
Apply the workarounds
The developer provides workarounds.
For more information, refer to "Vendor Status" section below.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Konica Minolta, Inc. | Vulnerable | 2025/06/30 | Konica Minolta, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.