CVE-2025-27639

CVE-2025-27639 is a privilege escalation vulnerability (CWE-269, V-2024-015) in Vasion Print, formerly known as PrinterLogic. It affects the Virtual Appliance versions prior to Host 22.0.1002 and Application 20.0.2614. Published on 2025-03-05, the issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact.

An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to escalate privileges within the affected appliance.

Advisories recommend updating to Virtual Appliance Host 22.0.1002 Application 20.0.2614 or later to mitigate the issue. Additional details are provided in the PrinterLogic security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.