CVE-2025-27650
Published: 05 March 2025
Description
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Security Summary
CVE-2025-27650 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, affecting versions prior to Virtual Appliance Host 22.0.862 and Application 20.0.2014. It involves private keys being accessible in the Docker overlay (V-2023-013) and is mapped to CWE-522 (Insufficiently Protected Credentials). The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its severe potential impact.
Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, primarily through unauthorized access to private keys stored insecurely in the Docker overlay.
Advisories and additional details are available in PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/18. Affected deployments should upgrade to Virtual Appliance Host 22.0.862 and Application 20.0.2014 or later to mitigate the issue.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly exposes private keys due to insufficient protection (CWE-522), enabling T1552.004 (Private Keys) for credential access.