Ricoh Web Image Monitor Reflected XSS Vulnerability (CVE-2025-41393)

Critical Vulnerability Information Vulnerability Type: Reflected Cross-Site Scripting (XSS) via Web Image Monitor CVE ID: CVE-2025-41393 CVSS v3 Base Score: 6.1 (Medium) Risk Description: This vulnerability allows remote execution of arbitrary scripts. Mitigation Measures: - Do not directly connect the product or service to the internet. - Use within a network protected by a firewall or broadband router, or configure a private IP address to prevent internet accessibility. Affected Products and Services List of Affected Products: - Ricoh MP C3004/C3504 - Ricoh MP C4004/C5004/C6004 - Ricoh MP C2004/C2504 - Ricoh MP C3004ex/C3504ex - Ricoh MP C4004ex/C5004ex/C6004ex - IM 350F/450F/450F/450FN - M-C200FW/C200FSE - P C375 - IM 550F/600F/600FSF - SP 5300DN/5310DN - P 800/801 - P 501/502 - IM 2500/3000/3500/4000/5000/6000 - SP 8400DN - MP 4025P - IM C400F/C400SF/C300F/C300 - P C600 - IM 370/370F/400F/400FTL - IM 7000/8000/9000 一 IM C3800/C3500 - M C2001 - IM C2000/C2500 - IM C3010/C3510 - IM C410/C510/C610 - IM C2010/C2510 - IC 7010 - IC MW200 - IP CW2200 - SP C352DN Additional Information Release Date: April 30, 2025 Update Date: May 12, 2025 Acknowledgments: Thank you to Juan Pablo Gomez Postigo, Niels Eris, and Vincent Thériault for reporting this vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

Ricoh Web Image Monitor Reflected XSS Vulnerability (CVE-2025-41393)