CVE-2025-41393
Published 2025-05-12
Priority P4 · 32 · medium · 5.1 (CVSS 4.0)
EXPLOIT
EPSS: 0.61% (44.9th percentile)
Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| konica_minolta_japan_inc | multiple_mfps_which_implement_web_image_monitor | — | — |
| ricoh_company_ltd | multiple_laser_printers_and_mfps_which_implement_web_image_monitor | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
No detection rules found.
Nuclei
Ricoh Web Image Monitor - Reflected XSS
nuclei·CVSS 5.1
CVE-2025-41393 [MEDIUM] Ricoh Web Image Monitor - Reflected XSS
A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor.
Template:

```yaml
id: CVE-2025-41393

info:
  name: Ricoh Web Image Monitor - Reflected XSS
  author: jpg0mez
  severity: medium
  description: |
    A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor.
  impact: |
    Attackers can execute malicious JavaScript in user browsers through the profile parameter
```
No writeups or analysis indexed.
Published: 2025-05-12