Published:2025/08/29  Last Updated:2025/08/29

JVNVU#99831542
Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series

Overview

A denial-of-service (DoS) vulnerability has been reported in the Konica Minolta bizhub series.

Products Affected

A wide range of products and versions are affected.
For more information, refer to the "Vendor Status" section below.

Description

The Konica Minolta bizhub series provided by Konica Minolta, Inc. contains the following vulnerability.

  • Uncaught exception (CWE-248)
    • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 4.3
    • CVE-2025-54777

Impact

If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service condition that disables the Web Connection feature.

Solution

Update the Firmware
According to Konica Minolta, the fixed firmware will be deployed incrementally. Devices will receive the update either via remote delivery or through on-site service by an authorized representative.

Apply the workarounds
Konica Minolta also recommends applying a workaround.
For more information, refer to the "Vendor Status" section below.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Konica Minolta, Inc. | Vulnerable | 2025/08/29 | Konica Minolta, Inc. website

Credit

Konica Minolta, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE: CVE-2025-54777