Published: 2025/06/30 Last Updated: 2025/06/30
JVNVU#95470660
Multiple vulnerabilities in Web Connection of Konica Minolta MFPs
Overview
Multiple MFPs (multifunction printers) provided by Konica Minolta, Inc. contain multiple vulnerabilities.
Products Affected
- bizhub C759/C659 all versions
- bizhub C658/C558/C458 all versions
- bizhub C368/C308/C258 all versions
- bizhub C287/C227 all versions
- bizhub C3851/C3851FS/C3351 all versions
- bizhub 958/808/758 all versions
- bizhub 658e/558e/458e all versions
- bizhub 368e/308e all versions
- bizhub 558/458/368/308 all versions
- bizhub 367/287/227 all versions
- bizhub 4752/4052 all versions
Description
Multiple MFPs (multifunction printers) provided by Konica Minolta, Inc. contain multiple vulnerabilities listed below.
- Cross-site scripting (CWE-79)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
  - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Base Score 3.5
  - CVE-2025-5884
- Cross-site request forgery (CWE-352)
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
  - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
  - CVE-2025-5885
Impact
- An arbitrary script may be executed in the web browser of a user who is logged in to Web Connection (CVE-2025-5884)
- If a user accesses a specially crafted URL while logged in to Web Connection, unintended operations may be performed (CVE-2025-5885)
Solution
Apply the workaround
The developer recommends applying the workaround to mitigate the impact of these vulnerabilities.
For more details, refer to the information provided by the developer.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
Konica Minolta, Inc. | Vulnerable | 2025/06/30 | Konica Minolta, Inc. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.