Key Information Vulnerability Details Vulnerability Name: Reflected Cross-Site Scripting Vulnerability in Web Image Monitor (CVE-2025-41393) Vulnerability ID: ricoh-prod-0000001 CVE ID: CVE-2025-41393 CWE ID: CWE-79 JVN ID: JVN#074768 CVSS v3 Base Score: 6.1 (MEDIUM) Affected Scope Affected Products and Services: Multiple RICOH products, including but not limited to: - RICOH P C375/C375M - RICOH Pro B405/B410S/B405S - RICOH Pro B405Y/B420HT/B410Y/B410HT - RICOH IM C500/C3000 - RICOH IM 430F - RICOH IP 500SF - RICOH P 501/501M/500/500M - RICOH SP B400/B400M/B400a/B400M a1 - RICOH MP C3004/C304 - RICOH MP C454/C554/C654 - RICOH MP C254 - RICOH IM C3000/C3500 - RICOH IM C5000/C5500/C6000 - RICOH IM C2000/C2500 - RICOH IM C300/C3010 - RICOH IM CG600/CG500/CG450 - RICOH IM CG200/CG2010 - RICOH SP C352 Public Disclosure Date Disclosure Date: May 12, 2025, 9:00 AM (2025-05-12T10:00:00+09:00) Contact Information Contact Department: Ricoh Technica Call Center Phone: 0120-892-111 Response Hours: Monday to Friday, 9:00 AM – 5:00 PM (excluding holidays) Acknowledgments Acknowledged Parties: Juan Pablo Gomez Postigo from Sprocket Security, Niels Erbs from HackDefense, Vincent Theriault from Precimion Technologies Inc. Update History Update Date: 2025-05-12T10:00:00+09:00 Update Content: New disclosure