CVE-2025-41393: Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image...

6.1 CVSS

Description

A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed in the web browser of a user who accessed Web Image Monitor. For details of the affected product names and versions, refer to the information provided by the vendor under [References].

Classification

CVE ID: CVE-2025-41393

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.1

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem Types

Cross-site scripting (XSS)

Affected Products

Vendor: Ricoh Company, Ltd.

Product: The specific versions of laser printers and MFPs which implement Web Image Monitor

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 7.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-14 (when this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-41393
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001
https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001
https://jvn.jp/en/jp/JVN20474768/

Timeline