#VU112052 Stored cross-site scripting in Konica Minolta products - CVE-2025-5884

 


Published: June 30, 2025


Vulnerability identifier: #VU112052
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-5884
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
bizhub C759
bizhub C659
bizhub C658
bizhub C558
bizhub C458
bizhub C368
bizhub C308
bizhub C258
bizhub C287
bizhub C227
bizhub C3851
bizhub C3851FS
bizhub C3351
bizhub 958
bizhub 808
bizhub 758
bizhub 658e
bizhub 558e
bizhub 458e
bizhub 368e
bizhub 308e
bizhub 558
bizhub 458
bizhub 368
bizhub 308
bizhub 367
bizhub 287
bizhub 227
bizhub 4752
bizhub 4052
Software vendor:
Konica Minolta

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
