Notice on potential impact of "Cross-Site Scripting (XSS) Vulnerability in SLNX Help Documentation via specific Parameter" (CVE-2025-41439) towards RICOH Streamline NX V3

First published: 05:00 am on June 30, 2025 (2025-06-30T13:00:00+09:00)

Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Cross-Site Scripting (XSS) Vulnerability in SLNX Help Documentation via specific Parameter" (CVE-2025-41439) affects RICOH Streamline NX V3.

Ricoh offers measures detailed below.

https://jvn.jp/en/jp/JVN24333956/index.html

empty

Advisory ID:

ricoh-prod000077-2025-000008

Version:

1.00E

CVE ID (CWE ID):

CVE-2025-41439 ( CWE-79 )

CVSSv3 base score:

6.1MEDIUM

Potential impact

For more information on the impact of this vulnerability being exploited, please refer to the following URL.

https://jvn.jp/en/jp/JVN24333956/index.html

empty

Affected components and versions

Product/service	Link to details
SP 230DNw	SLNX administrative tool

Streamline NX version can be confirmed with the following procedure:

1. Login in to Administrators console.

2. Navigate to [System] → [Server Settings] → [System Information and Settings].

3. In the "System Information" section, check the value of "System Version".

Resolution

Applying a security patch V3.7.2.1 will resolve this issue. Also, the functionality that caused the issue has been removed as of version 3.231.0 (=23R1), and upgrading to this version or later will prevent the problem from occurring.

________________________________________

Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History :2025-06-30T13:00:00+09:00 : 1.00E Initial public release