Cyber Posture

CVE-2025-27643

Critical

Published: 05 March 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (31.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Security Summary

CVE-2025-27643, published on 2025-03-05, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-798 (Use of Hard-coded Credentials). It affects Vasion Print, formerly known as PrinterLogic, specifically the Virtual Appliance Host versions before 22.0.933 with Application versions before 20.0.2368, where a hardcoded AWS API key (V-2024-006) is exposed.

Remote attackers can exploit the vulnerability over the network with low attack complexity, without privileges or user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, primarily through misuse of the hardcoded AWS API key to compromise associated cloud resources.

Vendor and researcher advisories provide mitigation guidance, including the PrinterLogic (Vasion) security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18. Upgrading to Virtual Appliance Host 22.0.933 Application 20.0.2368 or later addresses the issue.

Details

CWE(s)
CWE-798

Affected Products

printerlogic · vasion print · ≤ 20.0.2368
printerlogic · virtual appliance · ≤ 22.0.933

MITRE ATT&CK Enterprise Techniques

T1552 · Unsecured Credentials · Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.

T1078.004 · Cloud Accounts · Stealth
Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

Why these techniques?

Hardcoded AWS API key exposure directly facilitates T1552 Unsecured Credentials (obtaining the exposed credential) and enables T1078.004 Valid Accounts (Cloud Accounts) by providing valid cloud authentication material for resource compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
