#VU112053 Cross-site request forgery in Konica Minolta products - CVE-2025-5885
Published: June 30, 2025
Vulnerability identifier: #VU112053
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-5885
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
bizhub C759
bizhub C659
bizhub C658
bizhub C558
bizhub C458
bizhub C368
bizhub C308
bizhub C258
bizhub C287
bizhub C227
bizhub C3851
bizhub C3851FS
bizhub C3351
bizhub 958
bizhub 808
bizhub 758
bizhub 658e
bizhub 558e
bizhub 458e
bizhub 368e
bizhub 308e
bizhub 558
bizhub 458
bizhub 368
bizhub 308
bizhub 367
bizhub 287
bizhub 227
bizhub 4752
bizhub 4052
Software vendor:
Konica Minolta
Description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.