PT-2025-27506 · Konica Minolta · Konica Minolta Bizhub 227

Deral Heiland · Published 2025-07-01 · Updated 2025-07-01 · CVE-2025-6081

CVSS v3.1: 6.8 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier
Description: The issue concerns insufficiently protected credentials in LDAP, allowing an attacker to reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker can force the target device to authenticate to the attacker-controlled LDAP service, enabling the capture of the plaintext password of the configured LDAP service.
Recommendations: For version GCQ-Y3 or earlier, consider disabling the LDAP service until a patch is available to prevent reconfiguration by an attacker. Restrict access to the device's configuration to minimize the risk of exploitation. Avoid using the LDAP password on the target device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
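A defensive check that follows from the description and recommendations above, as an added example that is not part of the original advisory: it flags LDAP connections from printers to any server outside the approved directory servers, which is the traffic a reconfigured device would produce. The flow-record format, printer subnet and server addresses are constructed assumptions.

```python
import csv
import ipaddress
from io import StringIO

LDAP_PORTS = {389, 636, 3268, 3269}  # LDAP, LDAPS, Global Catalog (plain/TLS)

# Assumed inventory: the printer VLAN and the directory servers printers may bind to.
PRINTER_NETS = [ipaddress.ip_network("10.20.30.0/24")]
APPROVED_LDAP = {ipaddress.ip_address("10.1.1.10"), ipaddress.ip_address("10.1.1.11")}

# Constructed flow records (not real data): time,src,dst,dst_port
SAMPLE_FLOWS = """\
2025-07-02T09:00:01Z,10.20.30.15,10.1.1.10,389
2025-07-02T09:05:44Z,10.20.30.15,203.0.113.50,389
2025-07-02T09:06:02Z,10.20.30.22,10.1.1.11,636
2025-07-02T09:07:30Z,10.40.0.8,203.0.113.50,389
2025-07-02T09:09:12Z,10.20.30.22,10.99.0.7,636
2025-07-02T09:10:00Z,10.20.30.15,10.1.1.10,443
"""

def is_printer(addr):
    """True when the address belongs to one of the printer networks."""
    return any(addr in net for net in PRINTER_NETS)

def unapproved_ldap_flows(flow_text):
    """Return flows where a printer speaks LDAP to a server not on the allowlist."""
    hits = []
    for row in csv.reader(StringIO(flow_text)):
        if len(row) != 4:
            continue  # skip blank or malformed records
        ts, src, dst, port = row
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            dport = int(port)
        except ValueError:
            continue  # skip records with unparseable addresses or ports
        # TLS does not help here: the device hands its bind password to
        # whichever server it is pointed at, so the destination is what matters.
        if is_printer(src_ip) and dport in LDAP_PORTS and dst_ip not in APPROVED_LDAP:
            hits.append({"time": ts, "printer": src, "ldap_dst": dst, "port": dport})
    return hits

if __name__ == "__main__":
    for hit in unapproved_ldap_flows(SAMPLE_FLOWS):
        print(hit)
```

The same allowlist can be enforced as an egress firewall rule for the printer network, so that a changed LDAP server setting fails to connect instead of only being detected.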

Weakness Enumeration: Insufficiently Protected Credentials

Related Identifiers: CVE-2025-6081

Affected Products: Konica Minolta Bizhub 227