CVE-2025-27638

CVE-2025-27638 is a hardcoded password vulnerability (CWE-259), designated as V-2024-013, affecting Vasion Print, formerly known as PrinterLogic. It impacts Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation grants high-level impacts on confidentiality, integrity, and availability, likely enabling unauthorized access via the hardcoded credentials.

Advisories recommend upgrading to Virtual Appliance Host 22.0.1002 or later and Application 20.0.2614 or later to mitigate the issue. Further details on patches and remediation are provided in the PrinterLogic security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's disclosure of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.