
Specific Ricoh MFP and Printer Products - Reflected Cross-Site Scripting Vulnerability via Web Image Monitor (CVE-2025-41393)

Last updated: 03:00 am on October 15, 2025 (2025-10-15T12:00:00+09:00)
First published: 01:00 am on April 30, 2025 (2025-04-30T10:00:00+09:00)
Ricoh Company, Ltd.

Ricoh has identified a reflected cross-site scripting (XSS) vulnerability via Web Image Monitor (CVE-2025-41393).

 

This vulnerability could allow an arbitrary script to be executed remotely.
The risk from this vulnerability can be reduced by not connecting the product or service directly to the Internet: use it within a network protected by a firewall or broadband router, or assign it a private IP address so that it is inaccessible from the Internet.
To ensure stronger security, please follow the measures outlined below.
https://www.ricoh.com/security/products/setting 

 

List 1 below shows the affected products and services.

  • Vulnerability Information ID
    ricoh-2025-000001
  • Version
    1.06E
  • CVE ID(CWE ID)
  • CVSSv3 base score
    6.1 MEDIUM

List 1: Ricoh products and services affected by this vulnerability

| Product/service | Link to details |
| --- | --- |
| IM C320F | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000268-2025-000001 |
| P C375 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000269-2025-000001 |
| IM 550F/600F/600SRF | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000013-2025-000001 |
| SP 5300DN/5310DN | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000135-2025-000001 |
| P 800/801 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000136-2025-000001 |
| IM 350F/350/430F/430Fb | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000016-2025-000001 |
| P 501/502 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000137-2025-000001 |
| IM 2500/3000/3500/4000/5000/6000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2025-000001 |
| SP 8400DN | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000138-2025-000001 |
| MP 402SPF | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000057-2025-000001 |
| IM C400F/C400SRF/C300F/C300 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000008-2025-000001 |
| P C600 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000143-2025-000001 |
| IM 370/370F/460F/460FTL | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2025-000001 |
| IM 7000/8000/9000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000012-2025-000001 |
| IM C3000/C3500 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000005-2025-000001 |
| IM C4500/C5500/C6000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000006-2025-000001 |
| M C2001 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000018-2025-000001 |
| IM C2000/C2500 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000007-2025-000001 |
| IM C3010/C3510 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000156-2025-000001 |
| IM C4510/C5510/C6010 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000157-2025-000001 |
| IM C2010/C2510 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000158-2025-000001 |
| IM C7010 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000159-2025-000001 |
| IM CW2200 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000060-2025-000001 |
| IP CW2200 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000162-2025-000001 |
| SP C352DN | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000239-2025-000001 |
| RICOH MP C3004/C3504 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000002-2025-000001 |
| RICOH MP C4504/C5504/C6004 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000003-2025-000001 |
| RICOH MP C2004/C2504 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000004-2025-000001 |
| RICOH MP C3004ex/C3504ex | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000035-2025-000001 |
| RICOH MP C4504ex/C5504ex/C6004ex | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000036-2025-000001 |
| RICOH MP C2004ex/C2504ex | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000037-2025-000001 |
| SP 6430DN | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000139-2025-000001 |
| MP C3003/C3503 (The model without Smart Operation Panel) | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000041-2025-000001 |
| MP C3003/C3503 (The model with Smart Operation Panel) | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000038-2025-000001 |
| MP C4503/C5503/C6003 (The model without Smart Operation Panel) | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000042-2025-000001 |
| MP C4503/C5503/C6003 (The model with Smart Operation Panel) | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000039-2025-000001 |
| MP C2003/C2503 (The model without Smart Operation Panel) | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000043-2025-000001 |
| MP C2003/C2503 (The model with Smart Operation Panel) | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000040-2025-000001 |
| SP C840DN/C842DN | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000144-2025-000001 |
| SP C360SNw/C360SFNw/C361SFNw | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000055-2025-000001 |
| MP W7100SP/W8140SP | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000132-2025-000001 |
| MP W6700/W6700SP | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000226-2025-000001 |
| IM C6500/C8000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000001-2025-000001 |
| MP C2011SP | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000129-2025-000001 |
| MP CW2201 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000059-2025-000001 |
| IM C530F/C530FB | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000017-2025-000001 |
| IP C8500 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000165-2025-000001 |


Contact

Please contact your local Ricoh representative or dealer if you have any queries.


Acknowledgement:
Ricoh would like to thank Juan Pablo Gomez Postigo of Sprocket Security, Niels Eris of HackDefense, and Vincent Theriault of Precicom Technologies Inc. for reporting this vulnerability.

History:
2025-10-15T12:00:00+09:00 : 1.06E Updated List1
2025-08-18T12:00:00+09:00 : 1.05E Updated List1
2025-07-14T12:00:00+09:00 : 1.04E Updated List1
2025-06-09T12:00:00+09:00 : 1.03E Updated List1
2025-05-12T10:00:00+09:00 : 1.02E Updated CVE ID,CWE ID
2025-05-01T10:00:00+09:00 : 1.01E Updated List1
2025-04-30T10:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.