Reflected Cross-Site Scripting in Ricoh Multifunction Printers
CVE-2025-41393

5.1MEDIUM

Key Information:

Vendor

Ricoh Company, Ltd.

Status
Multiple Laser Printers And Mfps Which Implement Web Image Monitor
Multiple Mfps Which Implement Web Image Monitor
Vendor
CVE Published:
12 May 2025

What is CVE-2025-41393?

A reflected cross-site scripting vulnerability is present in Ricoh laser printers and multifunction printers utilizing the Ricoh Web Image Monitor. This flaw may allow an attacker to execute arbitrary scripts in the web browser of users accessing the Web Image Monitor interface, potentially leading to unauthorized access or data manipulation. It’s crucial for users operating these devices to implement security measures and keep firmware updated to mitigate the risks associated with this vulnerability.

Affected Version(s)

Multiple laser printers and MFPs which implement Web Image Monitor see the information provided by the vendor

Multiple MFPs which implement Web Image Monitor see the information provided by the vendor

References

https://www.ricoh.com/products/security/vulnerabilities/v...
https://jp.ricoh.com/security/products/vulnerabilities/vu...
https://www.konicaminolta.jp/business/support/important/2...

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-41393 : Reflected Cross-Site Scripting in Ricoh Multifunction Printers