CVE-2025-41393 MEDIUM

CVE-2025-41393

Vendor Ricoh Company, Ltd.
Product Multiple laser printers and MFPs which implement Web Image Monitor
Weakness CWE-79 · XSS
Published May 12, 2025
Last update July 14, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].

Key dates

02Disclosure timeline

May 12, 2025 CVE published
July 14, 2025 Record updated