CVE-2025-41393 Scanner
Ricoh Web Image Monitor Reflected XSS Scanner – CVE-2025-41393
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 12 days 13 hours
Scan only one: URL
Toolbox: -
CVE-2025-41393 is a medium-severity reflected cross-site scripting (XSS) vulnerability affecting Ricoh laser printers and multifunction printers (MFPs) that use the Web Image Monitor interface for device management.
The vulnerability arises from improper sanitization of the user-supplied `profile` parameter in HTTP GET requests: its value is reflected into the response without being encoded. An attacker could trick a user into opening a maliciously crafted URL whose injected JavaScript then executes in the victim's browser in the context of the Web Image Monitor site.
This can lead to theft of session cookies, credential harvesting, or redirection of the victim to a malicious site.
Example attack vector:
`https://printer-ip-address/?profile=</script><script>alert(document.domain)</script>`
Ricoh officially acknowledged this issue in security bulletin RICOH-2025-000001 and recommends updating to a firmware version that includes input sanitization for affected endpoints.
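As an added illustration (not Ricoh's code and not this scanner's implementation): a constructed Python model of the unencoded reflection described above next to a hardened rendering, plus the reflection check an asset owner can run against their own device to confirm that a patched firmware encodes the parameter. The page template, the `PROBE` marker and the `https://printer-ip-address` base are assumptions; the model assumes the value lands inside an inline script, which is what the `</script><script>` vector on this page relies on.

```python
import json
import urllib.parse

# Constructed stand-in for the Web Image Monitor page (assumption, not Ricoh code):
# the `profile` query value is interpolated into an inline script.
PAGE = "<html><body><script>var profile = {value};</script></body></html>"

def render_vulnerable(profile: str) -> str:
    # Raw interpolation: a value containing </script> closes the block and
    # whatever follows is parsed as new markup (the CVE-2025-41393 pattern).
    return PAGE.format(value=f"'{profile}'")

def render_fixed(profile: str) -> str:
    # JSON-encode for the JS string context, then neutralise < and > so the
    # HTML parser can never see a closing tag inside the script body.
    safe = json.dumps(profile).replace("<", "\\u003c").replace(">", "\\u003e")
    return PAGE.format(value=safe)

# Benign marker an asset owner can send to their own printer after patching:
# it carries the characters the sink must encode but executes nothing.
PROBE = "</zz-probe-check>"

def build_check_url(base_url: str, probe: str = PROBE) -> str:
    # URL-encode the marker so only the server-side handling is under test.
    return base_url.rstrip("/") + "/?profile=" + urllib.parse.quote(probe, safe="")

def is_reflected_unencoded(body: str, probe: str = PROBE) -> bool:
    # True when the marker comes back byte-for-byte, i.e. unsanitised.
    return probe in body

def classify(body: str, probe: str = PROBE) -> str:
    # Three outcomes: still vulnerable, reflected but encoded (fixed), or absent.
    if is_reflected_unencoded(body, probe):
        return "vulnerable"
    if probe.strip("<>/") in body:
        return "reflected-encoded"
    return "not-reflected"

if __name__ == "__main__":
    print(build_check_url("https://printer-ip-address"))
    print(classify(render_vulnerable(PROBE)))  # vulnerable
    print(classify(render_fixed(PROBE)))       # reflected-encoded
```

Fetch the URL from `build_check_url` against your own device with your usual HTTP client and pass the response body to `classify`; a `vulnerable` result means the firmware still reflects the parameter unencoded.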