Cross Site Scripting Vulnerability in Konica Minolta bizhub Devices
CVE-2025-5884

5.1MEDIUM

Key Information:

Vendor

Konica Minolta

Status
Bizhub
Vendor
CVE Published:
9 June 2025

What is CVE-2025-5884?

A vulnerability has been identified in Konica Minolta bizhub devices, specifically affecting the Display MFP Information List component. This issue arises due to improper handling of the Model Name argument, which can be exploited to execute cross site scripting attacks. The flaw allows remote attackers to manipulate input data, potentially leading to unauthorized script execution within a user's browser session. The vulnerability has been disclosed publicly, prompting users to take necessary security precautions to mitigate potential threats.

Affected Version(s)

bizhub 20250202

References

https://vuldb.com/?id.311655
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311655
signaturepermissions-required
https://vuldb.com/?submit.493653
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Upasana (VulDB User)
.