Detections
Analytics

Konica Bizhub Multifunction Printers Insertion of Sensitive Information into Externally-Accessible File or Directory (CVE-2025-8452)

medium Tenable OT Security Plugin ID 504860

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Through the use of eSCL or SNMP protocols, an attacker can retrieve the serial number of a printer. By applying the attack technique described in CVE-2024-51978, the default administrator password can be derived from the obtained serial number. Consequently, if the administrator password has not been changed from its default setting, there is a risk that an attacker could use the generated password to gain unauthorized control of the device.

Solution

Refer to the vendor advisory.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2025-8452

http://www.nessus.org/u?26e0b6e0

Plugin Details

Severity: Medium

ID: 504860

File Name: tenable_ot_konica_CVE-2025-8452.nasl

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/19/2025

Updated: 2/20/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:konicaminolta:bizhub_4020i_firmware, cpe:/o:konicaminolta:bizhub_5000i_firmware, cpe:/o:konicaminolta:bizhub_5020i_firmware, cpe:/o:konicaminolta:bizhub_4000i_firmware

Required KB Items: Tenable.ot/Konica

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/17/2025

Reference Information

CVE: CVE-2025-8452

CWE: 538