JVN#75307484
RICOH Streamline NX vulnerable to tampering with operation history
Overview
RICOH Streamline NX provided by Ricoh Company, Ltd. contains a vulnerability that may lead to tampering with operation history
Products Affected
- RICOH Streamline NX versions 3.5.1 to 24R3
Description
RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability.
- Use of Less Trusted Source (CWE-348)
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 2.3
- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 3.1
- CVE-2025-58422
Impact
If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product’s management tool.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
Apply the workaround
The developer recommends the users to enable HTTPS and ensure all communications are encrypted.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Ricoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-58422 |
| JVN iPedia |
JVNDB-2025-000077 |