
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has issued an alert regarding multiple critical vulnerabilities found in Quick Agent, a Windows application developed by SIOS Technology, Inc. for Ricoh multifunction printers (MFPs). These flaws, affecting Quick Agent versions prior to Ver3.2.1 (V3) and Ver2.9.8 (V2), could allow attackers to execute arbitrary code, steal files, or conduct unauthorized login attempts.
Quick Agent is widely used to support Ricoh’s scanning and faxing solutions, including:
- Quick Scan
- Easy FAX
- Speedoc
- Smart eco FAX
Given its integration into essential office workflows, the presence of security vulnerabilities poses a significant risk to organizations relying on these systems.
The vulnerabilities identified include:
- CVE-2025-26692 (CVSS 9.2): A path traversal vulnerability in the file upload function that could allow remote unauthenticated attackers to execute arbitrary code with Windows system privileges.
- CVE-2025-27937 (CVSS 7.1): A path traversal vulnerability in the file download function that could permit authenticated attackers to obtain arbitrary files from the affected system.
- CVE-2025-31144 (CVSS 6.9): An improper access control vulnerability that could enable a remote unauthenticated attacker to attempt arbitrary host logins via the affected Windows system.
Organizations using Quick Agent are strongly advised to update the software to the latest available versions as provided by SIOS Technology. Immediate patching is critical to prevent exploitation of these vulnerabilities.
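To act on the update advice, the sketch below triages an inventory of reported Quick Agent versions against the two fixed releases named in the alert. It is an added example, not code from JPCERT/CC, SIOS Technology or Ricoh; the host names, the inventory format and the accepted version-string spellings ("Ver3.2.0", "3.2.0") are assumptions.

```python
import re

# Fixed release per branch, as stated in the alert: V3 -> Ver3.2.1, V2 -> Ver2.9.8.
FIXED = {3: (3, 2, 1), 2: (2, 9, 8)}

# Assumed spellings: optional "Ver"/"V" prefix, then up to four dotted numbers.
_VERSION_RE = re.compile(r"^\s*(?:ver\.?|v)?\s*(\d+(?:\.\d+){0,3})\s*$", re.IGNORECASE)


def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so "3.2" compares as 3.2.0.
    return parts + (0,) * max(0, 3 - len(parts))


def classify(text):
    """Classify one reported version as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"  # branch not named in the alert: check by hand
    # Tuple comparison is numeric per component, so 3.10.0 sorts after 3.2.1.
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Return (host, version, status) rows, affected first, then unknown, then fixed."""
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed inventory: host names and version strings are made up for illustration.
SAMPLE = {
    "scan-pc-01": "Ver3.2.0", "scan-pc-02": "Ver3.2.1", "lab-pc-01": "Ver3.10.0",
    "fax-pc-01": "2.9.7", "fax-pc-02": "Ver2.9.8", "fax-pc-03": "Ver2.10.0",
    "old-pc-01": "",
}

if __name__ == "__main__":
    for host, ver, status in triage(SAMPLE):
        print(f"{host:12} {ver or '(none)':10} {status}")
```

Hosts reported as "unknown" have an unparseable version or a branch the alert does not mention and need manual review rather than being treated as safe.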
In cases where immediate updating is not feasible, JPCERT/CC recommends the following workarounds:
- Restrict usage to within trusted LAN environments.
- Block access from untrusted networks and hosts using firewalls.
- Implement VPNs or other secure tunnels when internet access is necessary, ensuring that exposure to the broader internet is minimized.