DoS Vulnerability in the Web Connection of MFPs

Dear Customers,

We deeply appreciate your constant patronage of Konica Minolta products.

A vulnerability that allows a Denial-of-Service (DoS) attack has been newly identified in the indicated models. This advisory provides an overview of the issue and the recommended countermeasures.

Please note that, at the time of publication (August 29th, 2025), there have been no confirmed security incidents globally resulting from the exploitation of this vulnerability.

Overview of the vulnerability

Ref. ID: CVE-2025-54777
CVSSv3.1: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score: 4.3
Vulnerabilities description: Importing a malformed file in [Registration of Certification Information] for S/MIME for Email Destination causes the Web Connection to stop.

Affected Models

Product name:
ineo+ 751i
ineo+ 651i/551i/451i
ineo+ 361i/301i/251i
ineo+ 4051i/3351i/4001i/3301i
ineo+ 3321i
ineo 751i
ineo 651i/551i/451i
ineo 361i/301i
ineo 4751i/4051i
ineo 4701i
ineo+ 750i
ineo+ 650i/550i/450i
ineo+ 360i/300i/250i
ineo+ 287i/257i/227i
ineo+ 4050i/3350i/4000i/3300i
ineo+ 3320i
ineo 950i/850i
ineo 750i
ineo 650i/550i/450i
ineo 360i/300i
ineo 306i/266i/246i/226i
ineo 4750i/4050i
ineo 4700i
Affected Version: G00-RE or earlier
Fixed Version: GC2-RE or later (Except G00-RF)
Latest Version (as of August 2025): G00-S7

Product name:
ineo+ 759/659
ineo+ 658/558/458
ineo 958/808/758
ineo 658e/558e/458e
ineo+ 287/227
Affected Version: GCQ-Y2 or earlier
Fixed Version: GCR-Y2 or later
Latest Version (as of August 2025): G00-YE

Product name:
ineo+ 368/308/258
ineo 558/458/368/308
ineo+ 3851/3851FS/3351
ineo 4752/4052
Affected Version: GCQ-X4 or earlier
Fixed Version: GCR-X4 or later
Latest Version (as of August 2025): G00-YE

Product name:
ineo 368e/308e
Affected Version: GCQ-X8 or earlier
Fixed Version: GCR-X8 or later
Latest Version (as of August 2025): G00-YE

Product name:
ineo 367/287/227
Affected Version: GCQ-Y3 or earlier
Fixed Version: GCR-Y3 or later
Latest Version (as of August 2025): G00-YE

Impact on Multifunction Printers
Web Connection becomes completely unresponsive. (Other MFP functions are not affected.)
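
A monitoring check for the symptom described above (web interface down while the rest of the device keeps working), added here as an example and not taken from Konica Minolta. The port numbers, the function names and the three-sample threshold are assumptions to adapt to your own device configuration.

```python
import socket
import ssl

WEB_PORT = 443             # assumption: Web Connection served over HTTPS on 443
PRINT_PORTS = (9100, 631)  # assumption: raw printing / IPP stand in for "other MFP functions"

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def web_responds(host, port=WEB_PORT, timeout=5.0):
    """True if the web interface returns the start of an HTTP response."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # availability probe only, sends no credentials;
    ctx.verify_mode = ssl.CERT_NONE  # accepts a self-signed device certificate
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                return tls.recv(16).startswith(b"HTTP/")
    except OSError:
        return False

def sample(host):
    """One observation: (web_ok, print_ok)."""
    return web_responds(host), any(tcp_open(host, p) for p in PRINT_PORTS)

def classify(web_ok, print_ok):
    if web_ok:
        return "ok"
    # Web interface down while the device still serves print ports is the
    # symptom the advisory describes; both down points to power or network.
    return "web-only-outage" if print_ok else "unreachable"

def sustained_web_outage(samples, threshold=3):
    """True if `threshold` consecutive samples are web-only outages."""
    run = 0
    for web_ok, print_ok in samples:
        run = run + 1 if classify(web_ok, print_ok) == "web-only-outage" else 0
        if run >= threshold:
            return True
    return False

if __name__ == "__main__":
    constructed = [(True, True), (False, True), (False, True), (False, True)]
    print(sustained_web_outage(constructed))
```

A flagged device is a candidate for a firmware version check against the table above; the same pattern also appears when an administrator has disabled the web interface.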

Remediation
The countermeasure firmware will be applied sequentially, either remotely or during the next visit by your authorized Konica Minolta service representative.

Vulnerability Specific Recommendation
1. Ensure that the administrator password is secure. If it remains set to its factory default, please change it immediately to a strong, complex password.
Configuration: [Utility] - [Administrator] - [Security] - [Administrator Password Setting]
2. Restrict non-Admin users from making any address book destination changes.
Configuration: [Utility] - [Administrator] - [Security] - [Restrict User Access] - [Registering and Changing Addresses]: [Restrict]

General Security Recommendations
To ensure a secure operating posture for your multifunction devices, and to reduce exposure to the vulnerability described in this advisory, Konica Minolta strongly recommends applying the following configuration best practices:

1. Avoid Direct Internet Exposure
Place devices behind firewalls and use private IP addressing and Device IP Filtering settings.

2. Change Default Passwords
Change default credentials and implement strong passwords for administrative and network functions.

3. Use Strong Passwords for Services
Ensure strong credentials are configured for SMTP, LDAP, SMB, WebDAV, and any other integrated services.

4. Disable Unused Services
Turn off unused ports or protocols to reduce attack surface.

5. Use Secure Protocols
Configure devices to use encrypted communications (e.g., HTTPS, LDAPS, IPPS) where supported.

6. Monitor Device Activity
Regularly review device logs and network traffic for suspicious behavior.

7. Enable Authentication Where Available
Use built-in user authentication features to prevent unauthorized access to device functions.

For comprehensive information on secure configuration, please refer to our Product Security website:
https://www.konicaminolta.com/global-en/security/mfp/setting/index.html

Enhancing the Security of Products and Services
Konica Minolta considers the security of its products and services to be an important responsibility and will continue to actively respond to incidents and vulnerabilities.
https://www.konicaminolta.com/about/csr/social/customers/enhanced_security.html

Related Information
JVNVU#99831542

Acknowledgements
We would like to express our sincere appreciation to the penetration tester Miguel Alves (0xmupa) for discovering and responsibly reporting this vulnerability.

Contact
Should you require further clarification or assistance with implementing the recommended measures or applying the relevant firmware update, please contact your authorized Konica Minolta service representative.