Published: 2026/01/29  Last Updated: 2026/01/29

JVNVU#92878805
Multiple vulnerabilities in BROTHER MFPs (multifunction printers)

Overview

Multiple MFPs (multifunction printers) provided by BROTHER INDUSTRIES, LTD. contain multiple vulnerabilities.

Products Affected

For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed below.

  • BROTHER INDUSTRIES, LTD.
  • Konica Minolta, Inc.
  • Ricoh Company, Ltd.

Description

Multiple MFPs provided by BROTHER INDUSTRIES, LTD. contain the vulnerabilities listed below.

  • Improper certificate validation (CWE-295)
    • CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.3
    • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 3.7
    • CVE-2025-53869
  • Hidden Functionality (CWE-912)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
    • CVE-2025-55704

Impact

  • The set of root certificates used by the product may be replaced with a set of arbitrary certificates by a man-in-the-middle attack (CVE-2025-53869)
  • An attacker may obtain the logs of the affected product and the sensitive information contained in those logs (CVE-2025-55704)

Solution

Update the firmware
Apply the appropriate firmware update according to the information provided by the respective vendors.
For details of the updates, refer to the information provided by the respective vendors listed in the [Vendor Status] section.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Brother Industries, Ltd. | Vulnerable | 2026/01/29 | Brother Industries, Ltd. website
Konica Minolta, Inc. | Vulnerable | 2026/01/29 | Konica Minolta, Inc. website
Ricoh Company, Ltd. | Vulnerable | 2026/01/29 | Ricoh Company, Ltd. website

Credit

Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer.
JPCERT/CC coordinated between the reporter and the developer.

Other Information

CVE: CVE-2025-53869, CVE-2025-55704