CVE-2025-53869

low-risk

Published 2026-01-29

Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.7/10 Low

NETWORK / HIGH complexity

References (4)

https://faq.brother.co.jp/app/answers/detail/a_id/13716

https://jvn.jp/en/vu/JVNVU92878805/

https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2026-0001.pdf

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000001

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal