CVE-2025-5884
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-09

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-09
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-06-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-5884
EUVD
EUVD-2025-17472
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
konica_minolta bizhub *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-5884 is a cross-site scripting (XSS) vulnerability in Konica Minolta bizhub devices up to version 20250202, specifically in the Display MFP Information List component. It occurs because the 'Model Name' argument is not properly sanitized, allowing an attacker to inject malicious scripts that execute in the context of the device's web interface. The attack can be initiated remotely and requires some user interaction to trigger the malicious script execution. [1, 2]


How can this vulnerability impact me? :

This vulnerability allows an attacker to execute arbitrary scripts within the vulnerable web interface, which can lead to session hijacking, data theft, or other malicious actions. Because the attack can be performed remotely, it poses a risk to the integrity and security of the device and potentially the network it is connected to. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking if the Konica Minolta bizhub device is vulnerable by testing the 'Model Name' input field in the 'Display MFP Information List' component for XSS injection. A practical approach is to attempt injecting a harmless XSS payload such as (";"><h1 onmouseover=alert(1)>click</h1>) into the 'Model Name' field via the device's web interface and observe if the script executes. Network detection could involve monitoring HTTP requests to the device's web interface for suspicious payloads in the 'Model Name' parameter. Specific commands are not provided in the resources. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding use of the affected Konica Minolta bizhub devices or replacing them with alternative products, as no known countermeasures or patches are currently available. Additionally, restricting remote access to the device's web interface and monitoring for suspicious activity may reduce risk. Since the vulnerability requires user interaction and exploits an unprotected web page, limiting exposure and access control are recommended. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart