Published: 2025/06/30  Last Updated: 2025/06/30

JVNVU#95470660
Multiple vulnerabilities in Web Connection of Konica Minolta MFPs

Overview

Multiple MFPs (multifunction printers) provided by Konica Minolta, Inc. contain multiple vulnerabilities.

Products Affected

  • bizhub C759/C659 all versions
  • bizhub C658/C558/C458 all versions
  • bizhub C368/C308/C258 all versions
  • bizhub C287/C227 all versions
  • bizhub C3851/C3851FS/C3351 all versions
  • bizhub 958/808/758 all versions
  • bizhub 658e/558e/458e all versions
  • bizhub 368e/308e all versions
  • bizhub 558/458/368/308 all versions
  • bizhub 367/287/227 all versions
  • bizhub 4752/4052 all versions

Description

Multiple MFPs (multifunction printers) provided by Konica Minolta, Inc. contain multiple vulnerabilities listed below.

  • Cross-site scripting (CWE-79)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N Base Score 3.5
    • CVE-2025-5884
  • Cross-site request forgery (CWE-352)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
    • CVE-2025-5885

Impact

  • An arbitrary script may be executed on the web browser of a user who is logged in to Web Connection (CVE-2025-5884)
  • If a user accesses a specially crafted URL while logged in to Web Connection, unintended operations may be performed (CVE-2025-5885)

Solution

Apply the workaround
The developer recommends applying the workaround to mitigate the impact of these vulnerabilities.
For more details, refer to the information provided by the developer.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Konica Minolta, Inc. | Vulnerable | 2025/06/30 | Konica Minolta, Inc. website

Credit

Konica Minolta, Inc. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
