{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-48825", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-06-12T01:53:37.255Z", "datePublished": "2025-06-13T08:19:06.089Z", "dateUpdated": "2025-06-23T16:07:13.424Z"}, "containers": {"cna": {"affected": [{"vendor": "Ricoh Company, Ltd.", "product": "RICOH Streamline NX V3 PC Client", "versions": [{"version": "versions 3.5.0 to 3.7.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code."}], "problemTypes": [{"descriptions": [{"description": "Use of less trusted source", "lang": "en-US", "cweId": "CWE-348", "type": "CWE"}]}], "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000006"}, {"url": "https://jvn.jp/en/jp/JVN27937557/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "LOW", "baseScore": 2.5, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "LOW", "baseScore": 2, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-06-13T08:19:06.089Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T15:05:23.850151Z", "id": "CVE-2025-48825", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T16:07:13.424Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48825", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-13T15:05:23.850151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T15:05:34.202Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 2, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Ricoh Company, Ltd.", "product": "RICOH Streamline NX V3 PC Client", "versions": [{"status": "affected", "version": "versions 3.5.0 to 3.7.0"}]}], "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000006"}, {"url": "https://jvn.jp/en/jp/JVN27937557/"}], "descriptions": [{"lang": "en", "value": "RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-348", "description": "Use of less trusted source"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-06-13T08:19:06.089Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48825", "state": "PUBLISHED", "dateUpdated": "2025-06-23T16:07:13.424Z", "dateReserved": "2025-06-12T01:53:37.255Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-06-13T08:19:06.089Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code."}, {"lang": "es", "value": "Las versiones 3.5.0 a 3.7.0 de RICOH Streamline NX V3 PC Client contienen un problema con el uso de una fuente menos confiable, lo que puede permitir que un atacante que pueda realizar un ataque intermediario esp\u00ede solicitudes de actualizaci\u00f3n y ejecute una DLL maliciosa con c\u00f3digo personalizado."}], "id": "CVE-2025-48825", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2025-06-13T09:15:19.937", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN27937557/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000006"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-348"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}