Published: 2025/04/25  Last Updated: 2025/04/25

JVN#82536398
Multiple vulnerabilities in Quick Agent

Overview

Quick Agent provided by SIOS Technology, Inc. contains multiple vulnerabilities.

Products Affected

  • Quick Agent V3 versions prior to Ver3.2.1
  • Quick Agent V2 versions prior to Ver2.9.8

Description

Quick Agent provided by SIOS Technology, Inc. is a Windows application for the following scan solutions for Ricoh MFPs (multifunction printers).

  • Quick Scan
  • Easy FAX
  • Speedoc
  • Smart eco FAX

Quick Agent contains the multiple vulnerabilities listed below.

  • Path traversal vulnerability in the file upload function (CWE-22)
    • CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.2
    • CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.1
    • CVE-2025-26692
  • Path traversal vulnerability in the file download function (CWE-22)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 7.1
    • CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
    • CVE-2025-27937
  • Improper access control vulnerability in the specific API (CWE-923)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N Base Score 6.9
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N Base Score 5.8
    • CVE-2025-31144

Impact

  • A remote unauthenticated attacker may execute arbitrary code with the Windows system privilege on the host where the product is running (CVE-2025-26692)
  • An arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product (CVE-2025-27937)
  • A remote unauthenticated attacker may attempt to log in to an arbitrary host via the Windows system where the product is running (CVE-2025-31144)

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Apply the Workaround
The following workarounds may mitigate the impact of these vulnerabilities.

  • Use the product and the MFPs within a LAN, and block access from untrusted networks and hosts with firewalls
  • When internet access is required, use a firewall, a virtual private network (VPN), etc. to prevent unauthorized access, and restrict internet access to the minimum

Credit

Shota Horiguchi, Takashi Yamada of MUFG Bank, Ltd. and Ruslan Sayfiev, Masahiro Murashima of GMO Cyber Security by IERAE reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

  • CVE: CVE-2025-26692, CVE-2025-27937, CVE-2025-31144
  • JVN iPedia: JVNDB-2025-000029