VYPR
Medium severity (6.1) · NVD Advisory · Published May 12, 2025 · Updated Apr 15, 2026

CVE-2025-41393

Description

Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Ricoh Web Image Monitor in laser printers and MFPs contains a reflected cross-site scripting vulnerability allowing arbitrary script execution in a victim's browser.

Vulnerability

Overview

CVE-2025-41393 is a reflected cross-site scripting (XSS) vulnerability in the Web Image Monitor component found in multiple laser printers and multifunction printers (MFPs) from Ricoh and Konica Minolta [1][2][3]. Web Image Monitor is the device's built-in web server, used for device management. The vulnerability arises because the application fails to properly sanitize user input before reflecting it back in web pages, so an attacker can inject script that the victim's browser then executes [3]. The CVSS v3 base score is 6.1 (Medium), and the attack vector is network-based [3].

Exploitation

An attacker can exploit this vulnerability by crafting a URL that contains malicious JavaScript [3]. The attack does not require authentication but does rely on user interaction: the victim must open the crafted link (for example, from a phishing email) while able to reach the Web Image Monitor interface. If the victim is on the same network as the printer, an attacker who lures them to the malicious URL causes the script to execute in the context of the Web Image Monitor session [3].

Impact

Successful exploitation allows the attacker to execute arbitrary scripts in the victim's web browser in the context of Web Image Monitor [1][3]. This can lead to theft of session cookies, defacement of the management interface, or redirection to malicious sites. Although Web Image Monitor may expose sensitive device settings and network information, the impact on confidentiality and integrity is rated Low per CVSS v3 [3].

Mitigation

Ricoh has provided a fix via an update to Web Image Monitor [1][3]. Konica Minolta has also released updated firmware for its affected product (the 1422W series) to address this vulnerability [4]. Users are strongly advised to apply the latest firmware or software update specified by the respective vendor. Additionally, restricting network access to the printer's management interface, for example with a firewall, reduces the risk of exploitation [4].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)


References: 4
