cve-2025-6081
Vulnerability from cvelistv5
Published
2025-07-01 03:25
Modified
2025-07-02 13:24
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Pass-back attack in Konica Minolta bizhub 227 multifunctional printers
References
cve@rapid7.comhttps://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0003.pdf
cve@rapid7.comhttps://www.rapid7.com/blog/post/cve-2025-6081-konica-minolta-bizhub-pass-back-attack-vulnerability-not-fixed/
Impacted products
Konica Minoltabizhub 227 Multifunction printers
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6081",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-01T13:44:50.802547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-02T13:24:52.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "bizhub 227 Multifunction printers",
          "vendor": "Konica Minolta",
          "versions": [
            {
              "status": "affected",
              "version": "GCQ-Y3"
            }
          ]
        }
      ],
      "datePublic": "2025-07-01T03:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficiently Protected Credentials in LDAP in Konica Minolta\u0026nbsp;bizhub 227 Multifunction printers\u0026nbsp;version GCQ-Y3 or earlier\u0026nbsp;allows a\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003en attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Insufficiently Protected Credentials in LDAP in Konica Minolta\u00a0bizhub 227 Multifunction printers\u00a0version GCQ-Y3 or earlier\u00a0allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-01T03:25:38.240Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "url": "https://www.rapid7.com/blog/post/cve-2025-6081-konica-minolta-bizhub-pass-back-attack-vulnerability-not-fixed/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0003.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Pass-back attack in Konica Minolta bizhub 227 multifunctional printers",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2025-6081",
    "datePublished": "2025-07-01T03:25:38.240Z",
    "dateReserved": "2025-06-13T18:30:54.776Z",
    "dateUpdated": "2025-07-02T13:24:52.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6081\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2025-07-01T04:15:45.530\",\"lastModified\":\"2025-07-03T15:14:12.767\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficiently Protected Credentials in LDAP in Konica Minolta\u00a0bizhub 227 Multifunction printers\u00a0version GCQ-Y3 or earlier\u00a0allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker controlled LDAP service. This will allow the attacker to capture the plaintext password of the configured LDAP service.\"},{\"lang\":\"es\",\"value\":\"Las credenciales de protecci\u00f3n insuficiente en LDAP en las impresoras Konica Minolta bizhub 227 Multifunction, versi\u00f3n GCQ-Y3 o anterior, permiten que un atacante reconfigura el dispositivo objetivo para usar un servicio LDAP externo controlado por el atacante. Si se configura una contrase\u00f1a LDAP en el dispositivo objetivo, el atacante puede forzar su autenticaci\u00f3n en el servicio LDAP controlado por el atacante. Esto le permitir\u00e1 capturar la contrase\u00f1a en texto plano del servicio LDAP configurado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"references\":[{\"url\":\"https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0003.pdf\",\"source\":\"cve@rapid7.com\"},{\"url\":\"https://www.rapid7.com/blog/post/cve-2025-6081-konica-minolta-bizhub-pass-back-attack-vulnerability-not-fixed/\",\"source\":\"cve@rapid7.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.