CVE-2025-41393

MEDIUM NUCLEI

Ricoh and KONICA MINOLTA Web Image Monitor - Reflected Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-41393. PoCs published by iSee857. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode. The script demonstrates command execution by creating a session and sending a crafted JSON payload to execute the 'id' command, verifying RCE via response analysis.

Description

Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].

Exploits (1)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/RicohWebImageMonitor-CVE-2025-41393-ReflectXss.py

View Code ZIP pw:eip

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode. The script demonstrates command execution by creating a session and sending a crafted JSON payload to execute the 'id' command, verifying RCE via response analysis.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version unspecified)

No auth needed

Prerequisites: Network access to target · OpenCode service running

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

Ricoh Web Image Monitor - Reflected XSS

MEDIUMVERIFIEDby jpg0mez

Shodan: http.html:"Web Image Monitor"

References (4)

Core 4

Core References

Third Party Advisory

https://jvn.jp/en/jp/JVN20474768/

Various Sources

https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001

Various Sources

https://www.konicaminolta.jp/business/support/important/250714_01_01.html

Various Sources

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001

Scores

CVSS v3 6.1

EPSS 0.0059

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

KONICA MINOLTA JAPAN, INC./Multiple MFPs which implement Web Image Monitor see the information provided by the vendor

Ricoh Company, Ltd./Multiple laser printers and MFPs which implement Web Image Monitor see the information provided by the vendor

Published May 12, 2025

Tracked Since Feb 18, 2026