CVE-2025-8452: Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can use to learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2025-8452?
CVE-2025-8452 is classified as a medium severity vulnerability.
How does CVE-2025-8452 affect Brother Multi-Function Printers?
CVE-2025-8452 allows attackers to discover the serial number of Brother Multi-Function Printers via the uscan protocol.
What are the potential risks associated with CVE-2025-8452?
The discovered serial number can be exploited in conjunction with other vulnerabilities to gain unauthorized access to the printer's functions.
How can organizations mitigate the risk of CVE-2025-8452?
Organizations should ensure their Brother Multi-Function Printers are updated with the latest firmware and configure network access controls.
Is there a patch available for CVE-2025-8452?
Yes, Brother regularly provides firmware updates that address vulnerabilities, including CVE-2025-8452.