CVE-2025-63579
Received Received - Intake

Information Disclosure in Kyocera Command Center RX

Vulnerability report for CVE-2025-63579, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: MITRE

Description

Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported. The security measure that encrypts incoming data ian be bypassed with this vulnerability, allowing encrypted data to be decrypted. Passwords and other sensitive information can be obtained. This affects Kyocera Command Center RX TASKalfa 2552ci, TASKalfa 3252ci, TASKalfa 2553ci, TASKalfa 3253ci, TASKalfa 3554ci, TASKalfa 4052ci, TASKalfa 5052ci, TASKalfa 6052ci, TASKalfa 7052ci, TASKalfa 8052ci, TASKalfa 7353ci, TASKalfa 8353ci, TASKalfa 2554ci, TASKalfa 3254ci, TASKalfa 505.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-10
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 16 associated CPEs
Vendor Product Version / Range
kyocera command_center_rx *
kyocera taskalfa_2552ci *
kyocera taskalfa_3252ci *
kyocera taskalfa_2553ci *
kyocera taskalfa_3253ci *
kyocera taskalfa_3554ci *
kyocera taskalfa_4052ci *
kyocera taskalfa_5052ci *
kyocera taskalfa_6052ci *
kyocera taskalfa_7052ci *
kyocera taskalfa_8052ci *
kyocera taskalfa_7353ci *
kyocera taskalfa_8353ci *
kyocera taskalfa_2554ci *
kyocera taskalfa_3254ci *
kyocera taskalfa_505 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-326 The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-311 The product does not encrypt sensitive or critical information before storage or transmission.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows unauthorized access to sensitive information such as usernames and passwords stored in the Kyocera printer's address book by bypassing encryption protections.

Such unauthorized disclosure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require the protection of personal and sensitive information against unauthorized access.

Executive Summary

This vulnerability affects Kyocera printers, specifically the Command Center RX series and multiple TASKalfa models. It allows unauthorized users to access and export all information stored in the printer's address book.

The security measure that encrypts incoming data can be bypassed, enabling attackers to decrypt this data and obtain sensitive information such as passwords.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information stored in the printer's address book, including usernames and passwords.

Attackers exploiting this flaw can gain access to confidential data, potentially compromising network security and user privacy.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63579. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart