CVE-2025-27646
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27646 is an Edit User Account Exposure vulnerability, designated V-2024-001, affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions before 22.0.913 with Application 20.0.2253. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical, and maps to CWE-284 (Improper Access Control). The CVE was published on 2025-03-05T06:15:36.257.
Remote attackers need no privileges and no user interaction, and can exploit the vulnerability over the network with low attack complexity. Successful exploitation has a high impact on confidentiality, integrity, and availability, because the exposure gives unauthorized edit access to user accounts.
Vendor advisories, including security bulletins, are published at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Further details appear in Pierre Kim's analysis of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and on the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote unauthenticated editing of user accounts via improper access control in a public-facing virtual appliance, directly enabling T1098 Account Manipulation and mapping to T1190 Exploit Public-Facing Application for initial access.