Primary

Context

RICOH Streamline NX V3 PC Client Vulnerability Allowing Code Execution via Man-in-the-Middle Attack

Vulnerability

A vulnerability exists in RICOH Streamline NX V3 PC Client, specifically in versions 3.5.0 prior to 3.7.0. This vulnerability arises from the use of less trusted sources, which may enable an attacker to perform a man-in-the-middle attack. By intercepting upgrade requests, the attacker could eavesdrop on the communication and execute a malicious DLL containing custom code on the victim's machine.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the PC where the application is running, by intercepting and modifying upgrade requests to include a malicious DLL.

Remediation

Users are advised to update the RICOH Streamline NX V3 PC Client to the latest version. For more information, consult the RICOH vulnerability notice ricoh-2025-000006.

Added: Jun 13, 2025, 9:16 AM

Updated: Jun 13, 2025, 9:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

8.1

exploitability

6.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

8.1

exploitability

6.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RICOH Streamline NX V3 PC Client Vulnerability Allowing Code Execution via Man-in-the-Middle Attack

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating