CVE-2025-36506 is a vulnerability identified in Ricoh Company, Ltd.'s RICOH Streamline NX V3 PC Client, specifically affecting versions 3.5.0 through 3.242.0. The flaw is categorized as an external control of file name or path issue, which allows an attacker to overwrite arbitrary files on the victim's file system with log data by sending a specially crafted request to the vulnerable client. This vulnerability does not require any authentication or user interaction, and it can be exploited remotely over the network (AV:N, PR:N, UI:N). The vulnerability impacts the integrity and availability of the affected system by enabling unauthorized modification of files, potentially leading to disruption of normal operations or corruption of critical files. The CVSS v3.0 base score is 6.5, indicating a medium severity level. The scope is unchanged (S:U), meaning the vulnerability affects resources managed by the same security authority. No known exploits are currently reported in the wild, and no patches have been explicitly linked in the provided information. The vulnerability arises from improper validation or sanitization of file path inputs, allowing external actors to control file paths used by the application when writing log data. This can lead to overwriting important files, which may cause application malfunction or system instability.

For European organizations using RICOH Streamline NX V3 PC Client within the affected version range, this vulnerability poses a moderate risk. The ability to overwrite arbitrary files can disrupt document management workflows, potentially corrupting configuration files, logs, or other critical data. This could lead to denial of service conditions or data integrity issues, impacting business continuity. Organizations in sectors relying heavily on document processing and printing infrastructure, such as legal, financial, healthcare, and government institutions, may experience operational disruptions. Additionally, if critical system files are overwritten, it could require system restoration or reinstallation, increasing downtime and operational costs. While confidentiality is not directly impacted, the integrity and availability of systems are at risk. The lack of authentication requirement increases the attack surface, allowing remote attackers to exploit the vulnerability without prior access. Given the widespread use of Ricoh products in Europe, particularly in office environments, the threat could affect a broad range of organizations if exploited.

1. Immediate mitigation should focus on restricting network access to the RICOH Streamline NX V3 PC Client to trusted internal networks only, using network segmentation and firewall rules to block unauthorized external traffic. 2. Monitor network traffic for unusual or malformed requests targeting the client application to detect potential exploitation attempts. 3. Implement application-level input validation and sanitization for file path parameters if possible through configuration or vendor updates. 4. Engage with Ricoh support channels to obtain and apply any forthcoming patches or updates addressing this vulnerability as soon as they become available. 5. As a temporary workaround, consider running the client with least privilege user accounts to limit the impact of file overwrites. 6. Regularly back up critical configuration and system files to enable quick recovery in case of file corruption or overwriting. 7. Conduct internal audits to identify all instances of the affected software across the organization to ensure comprehensive coverage of mitigation efforts. 8. Educate IT staff about this vulnerability to increase awareness and readiness to respond to potential incidents.