CVE-2025-27644
Published: 05 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-27644 is a local privilege escalation vulnerability (CWE-269) in Vasion Print, formerly known as PrinterLogic, affecting Virtual Appliance Host versions before 22.0.933 with Application versions before 20.0.2368. Designated as V-2024-007, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-05.
The vulnerability can be exploited by a local attacker who already holds low privileges on the affected system. Exploitation is low complexity and requires no user interaction. A successful attack has high impact on confidentiality, integrity, and availability, resulting in full local privilege escalation.
Mitigation is achieved by upgrading to Virtual Appliance Host 22.0.933 or later with Application 20.0.2368 or later. Vendor and researcher advisories provide further details, including the PrinterLogic security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This local privilege escalation vulnerability (CWE-269) directly enables T1068: a low-privileged local attacker can exploit the flaw to gain full system control.