CVE-2025-55704
Unknown Unknown - Not Provided
Information Disclosure via Hidden Functionality in Brother MFPs

Publication date: 2026-01-29

Last updated on: 2026-01-29

Assigner: JPCERT/CC

Description
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55704
EUVD
EUVD-2025-206537
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
brother inkjet_printers *
brother laser_printers *
brother sublimation_transfer_printers *
brother scanners *
konicaminolta bizhub_5021i From 1.02 (inc) to 1.04 (inc)
konicaminolta bizhub_5001i From 1.03 (inc) to 1.05 (inc)
konicaminolta bizhub_4221i From 1.02 (inc) to 1.04 (inc)
konicaminolta bizhub_4201i From 1.02 (inc) to 1.04 (inc)
konicaminolta bizhub_5020i From U2412241059 (exc) to U2505151336 (inc)
konicaminolta bizhub_5000i From 1.33 (exc) to 1.34 (inc)
konicaminolta bizhub_4020i From U2412241059 (exc) to U2505151336 (inc)
konicaminolta bizhub_4000i From 1.29 (exc) to 1.30 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided resources do not explicitly discuss the impact of CVE-2025-55704 on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability allows unauthorized access to sensitive information within device logs, it could potentially lead to exposure of confidential data, which may affect compliance with data protection regulations. Mitigation involves updating device firmware and applying recommended security measures to prevent unauthorized access. [1, 2, 3]

Executive Summary

CVE-2025-55704 is a security vulnerability found in multiple multifunction printers (MFPs) and related devices from Brother Industries, Konica Minolta, and Ricoh. It involves hidden functionality that allows an attacker to access diagnostic or problem analysis logs on the affected devices without authorization. These logs may contain sensitive information, which the attacker can obtain. The vulnerability is related to improper certificate validation and hidden functionality issues, enabling unauthorized access to sensitive device data over the network without requiring user interaction or privileges. [1, 2, 3]

Impact Analysis

This vulnerability can impact you by allowing an attacker to remotely access sensitive information contained in the diagnostic logs of your affected printer or scanner devices. This unauthorized access could expose confidential data about device usage or other sensitive details stored in the logs. Additionally, the attacker could impersonate the device to access certain online services related to the device, such as product usage status and ink levels. Exploitation requires no user interaction or privileges and can be performed over the network, increasing the risk of data exposure and potential misuse. [1, 2]

Detection Guidance

Detection involves monitoring device logs and network traffic for suspicious activity related to unauthorized access attempts. Since the vulnerability allows attackers to access sensitive logs via network-based attacks without authentication, administrators should check for unusual access patterns to the device's diagnostic or problem analysis logs. Specific commands are not provided in the resources, but general recommendations include regularly reviewing device logs and network traffic, and verifying device firmware versions to identify vulnerable devices. [3]

Mitigation Strategies

Immediate mitigation steps include updating the firmware of affected devices to the latest fixed versions provided by the vendors (Brother and Konica Minolta). Users should download and apply the firmware update tools from the official vendor websites. Additionally, it is recommended to avoid exposing devices directly to the internet, use firewalls and private IP addressing, change default passwords to strong credentials, disable unused services and ports, configure strong passwords for integrated services (SMTP, LDAP, SMB, WebDAV), use secure encrypted communication protocols (HTTPS, LDAPS, IPPS), enable built-in user authentication features, and regularly monitor device logs and network traffic for suspicious activity. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55704. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart