CVE Tools
Sign in

CVE-2025-8452

Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.

Published: Aug 12, 2025Updated: Oct 8, 2025 Sources: CVE List NVD BDUCWE-538
NVD MITRE
4.3CVSSMEDIUM
EPSS Score
0.2%
Top 86.9%
CISA KEV
Not in KEV
Exploits
0 Known
Remediation
Patch Available

Description

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can use to learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password.

CVSS Vector Breakdown

AV:AAC:LPR:NUI:NS:UC:LI:NA:N
Exploitability
AV:AAttack Vector
Adjacent
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:LConfidentiality
Low
I:NIntegrity
None
A:NAvailability
None
Open in CVSS calculator →

Weaknesses

CWE-538

Affected Products

DCP-L8410CDWBrother Industries, LtdHardware Firmware
MFC-L8610CDWBrother Industries, LtdHardware Firmware
MFC-L8690CDWBrother Industries, LtdHardware Firmware
MFC-L8900CDWBrother Industries, LtdHardware Firmware
MFC-L9570CDWBrother Industries, LtdHardware Firmware
brother industries, ltdcommercialJPHardware Firmwareaka brother
and 409 more affected products View all →

Exploitability

0 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Workaround Available

References

https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100851_000
support.brother.com
https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/
rapid7.com
https://help.runzero.com/docs/installing-an-explorer/
help.runzero.com
and 5 more references View all →

Timeline

Published
Aug 12, 2025
Last Updated
Oct 8, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-8452 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows