CVE-2025-5884 in bizhubinfo

Summary

by MITRE • 06/09/2025

A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 01/30/2026

This vulnerability resides within the Konica Minolta bizhub multifunction printer series, specifically affecting versions up to 20250202 and targeting the Display MFP Information List component. The flaw represents a classic cross site scripting vulnerability that occurs when the system fails to properly sanitize user input, particularly the Model Name argument. This allows malicious actors to inject arbitrary JavaScript code into the web interface, creating a persistent threat vector that can compromise user sessions and data confidentiality. The vulnerability's classification as remotely exploitable means that attackers can initiate attacks without requiring physical access to the device, making it particularly dangerous in networked environments where these devices are commonly deployed.

The technical implementation of this vulnerability stems from insufficient input validation and output encoding within the web-based management interface of the bizhub devices. When users or attackers provide malicious input through the Model Name parameter, the system fails to properly escape or filter special characters that could be interpreted as HTML or JavaScript code. This weakness creates an opening for attackers to inject malicious scripts that execute in the context of other users who view the affected information list. The attack can be initiated through various means including crafted web requests, phishing campaigns, or by leveraging the device's web interface directly, making it highly accessible to threat actors with varying skill levels.

The operational impact of this vulnerability extends beyond simple script execution, as it can lead to complete session hijacking, data exfiltration, and potential lateral movement within network environments. Attackers can leverage the XSS flaw to steal authentication cookies, redirect users to malicious sites, or inject additional malicious payloads that could escalate privileges or compromise the entire device. In enterprise environments where these devices are commonly used for document management and printing services, this vulnerability could provide attackers with access to sensitive corporate documents and potentially serve as a foothold for broader network infiltration. The fact that the exploit has been publicly disclosed further amplifies the risk, as it provides threat actors with ready-made attack vectors.

Mitigation strategies should focus on immediate patch application from Konica Minolta, as this represents the most effective solution to address the root cause of the vulnerability. Organizations should also implement network segmentation to limit access to these devices, deploy web application firewalls to detect and block malicious payloads, and establish robust input validation policies for all web interfaces. Additionally, regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other networked devices. The vulnerability aligns with CWE-79 which specifically addresses cross site scripting flaws, and maps to attack techniques in the ATT&CK framework under TA0001 Initial Access and TA0002 Execution, highlighting the need for comprehensive defensive measures across multiple security domains.

Responsible

VulDB

Disclosure

06/09/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00241

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!