Vulnerability ID: JVN-VU#92878805
Title: Multiple vulnerabilities in BROTHER MFPs (multifunction printers)

Products Affected:
- Brother Industries, Ltd.
- Konica Minolta, Inc.
- Ricoh Company, Ltd.

Description:
- Improper certificate validation (CWE-295):
  - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 6.3
  - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score 3.7
  - CVE-2025-53869
- Hidden Functionality (CWE-912):
  - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9
  - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
  - CVE-2025-55704

Impact:
- The set of root certificates used by the product may be replaced with a set of arbitrary certificates by a man-in-the-middle attack (CVE-2025-53869).
- An attacker may obtain the logs of the affected product and obtain sensitive information within the logs (CVE-2025-55704).

Solution:
- Update the firmware:
  - Apply the appropriate firmware update according to the information provided by the respective vendors.

Vendor Status:
- All vendors listed as "Vulnerable".

Credit:
- Anton Fabricius of SySS GmbH reported these vulnerabilities to the developer. JPCERT/CC coordinated between the reporter and the developer.