• Vulnerabilities affecting the Web Connection of Konica Minolta MFPs

    Warning alert system concept, system hacked on computer network, cybercrime and virus, Malicious software, compromised information, illegal connection, data breach cybersecurity vulnerability.warning, hacker, alert, crime, system, security, spyware, attack, network, access, cyber, data, information, internet, message, password, concept, cyber security, protection, server, software, virus, computer, danger, technology, digital, connection, cyberspace, leak, online, safety, website, fraud, malicious, vulnerability, web, antivirus, breach, detection, malware, intrusion, corporate, firewall, privacy, problem, typing, laptop, notebook, notice, red, warning, hacker, alert, crime, system, security, spyware, attack, network, access, cyber, data, information, internet, message, password, concept, cyber security, protection, server, software, virus, computer, danger, technology, digital, connection, cyberspace, leak, online, safety, website, fraud, malicious, vulnerability, web, antivirus, breach, detection, malware, intrusion, corporate, firewall, privacy, problem, typing, laptop, notebook, notice
Warning alert system concept, system hacked on computer network, cybercrime and virus, Malicious software, compromised information, illegal connection, data breach cybersecurity vulnerability
Corporate/Company,  warning,  hacker,  alert,  crime,  system,  security,  spyware,  attack,  network,  access,  cyber,  data,  information,  internet,  message,  password,  concept,  protection,  server,  software,  virus,  computer,  danger,  technology,  digital,  connection,  cyberspace,  leak,  online,  safety,  website,  fraud,  malicious,  vulnerability,  web,  antivirus,  breach,  detection,  malware,  intrusion,  corporate,  firewall,  privacy,  problem,  typing,  laptop,  notebook,  notice,  red,  cyber security,  log4j

Vulnerabilities affecting the Web Connection of Konica Minolta MFPs

Dear Customers,

We deeply appreciate your constant patronage to Konica Minolta products.

Two vulnerabilities have been newly identified in the indicated models.

This advisory provides an overview of the issue and the recommended countermeasures.

Please note that, at the time of publication (June 30th, 2025), there have been no confirmed security incidents globally resulting from the exploitation of these vulnerabilities.

Overview of the vulnerabilities

Ref. ID

CVSSv3.1

Base Score

EPSS*

Vulnerabilities description

CVE-2025-5884

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

3.5

0.03%

Cross-site scripting vulnerability (CWE94, CWE-79) was found in the specific input fields of Web Connection.

CVE-2025-5885

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3

0.02%

Cross-site request forgery vulnerability (CWE-352, CWE-862) was found in Web Connection.

*EPSS: Probability of exploitation activity in the next 30 days

Affected Models and the countermeasure firmware

Product name

Affected version

bizhub C759/C659

bizhub C658/C558/C458

bizhub C368/C308/C258

bizhub C287/C227

bizhub C3851/C3851FS/C3351

bizhub 958/808/758

bizhub 658e/558e/458e

bizhub 368e/308e

bizhub 558/458/368/308

bizhub 367/287/227

bizhub 4752/4052

All Versions

Impact on Multifunction Printers

CVE-2025-5884: An arbitrary script may be executed on the web browser of the user accessing the web connection.

CVE-2025-5885: There is a possibility that the configuration of the product may be changed unintentionally, or that an unintended operation may be performed.

Vulnerability Specific Recommendation

If possible, completely disable the Web Connection. The vulnerability will not be exploitable as a result. Alternatively, kindly follow our general recommendations.

General Security Recommendations

To ensure a secure operating posture for your multifunction devices, and to reduce exposure to the vulnerabilities described in this advisory, Konica Minolta strongly recommends applying the following configuration best practices:

For comprehensive information on secure configuration, please refer to our Product Security web site.

Enhancing the Security of Products and Services

Konica Minolta considers the security of its products and services to be an important responsibility and will continue to actively respond to incidents and vulnerabilities.

Related Information

Acknowledgements

We would like to express our sincere appreciation to the VulDB CNA Team for discovering and responsibly reporting this vulnerability.

Contact

Should you require further clarification or assistance with implementing the recommended measures or applying the relevant firmware update, please contact your authorized Konica Minolta service representative.