{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41393", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-05-01T06:24:40.467Z", "datePublished": "2025-05-12T08:04:39.693Z", "dateUpdated": "2025-07-14T06:23:13.218Z"}, "containers": {"cna": {"affected": [{"vendor": "Ricoh Company, Ltd.", "product": "Multiple laser printers and MFPs which implement Web Image Monitor", "versions": [{"version": "see the information provided by the vendor", "status": "affected"}]}, {"vendor": "KONICA MINOLTA JAPAN, INC.", "product": "Multiple MFPs which implement Web Image Monitor", "versions": [{"version": "see the information provided by the vendor", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting (XSS)", "lang": "en-US", "cweId": "CWE-79", "type": "CWE"}]}], "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001"}, {"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001"}, {"url": "https://www.konicaminolta.jp/business/support/important/250714_01_01.html"}, {"url": "https://jvn.jp/en/jp/JVN20474768/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-07-14T06:23:13.218Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-12T14:28:46.670592Z", "id": "CVE-2025-41393", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T14:29:23.249Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41393", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-12T14:28:46.670592Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-12T14:29:18.659Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Ricoh Company, Ltd.", "product": "Multiple laser printers and MFPs which implement Web Image Monitor", "versions": [{"status": "affected", "version": "see the information provided by the vendor"}]}, {"vendor": "KONICA MINOLTA JAPAN, INC.", "product": "Multiple MFPs which implement Web Image Monitor", "versions": [{"status": "affected", "version": "see the information provided by the vendor"}]}], "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001"}, {"url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001"}, {"url": "https://www.konicaminolta.jp/business/support/important/250714_01_01.html"}, {"url": "https://jvn.jp/en/jp/JVN20474768/"}], "descriptions": [{"lang": "en", "value": "Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "Cross-site scripting (XSS)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-07-14T06:23:13.218Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41393", "state": "PUBLISHED", "dateUpdated": "2025-07-14T06:23:13.218Z", "dateReserved": "2025-05-01T06:24:40.467Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-05-12T08:04:39.693Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting reflejado en las impresoras l\u00e1ser y las impresoras multifunci\u00f3n (MFP) que implementan Ricoh Web Image Monitor. Si se explota, se podr\u00eda ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 a Web Image Monitor. Para obtener informaci\u00f3n sobre los nombres y versiones de los productos afectados, consulte la informaci\u00f3n proporcionada por el proveedor en [Referencias]."}], "id": "CVE-2025-41393", "lastModified": "2025-07-14T07:15:22.890", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-05-12T08:15:19.733", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001"}, {"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN20474768/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.konicaminolta.jp/business/support/important/250714_01_01.html"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}

{}