CVE-2025-27652

CVE-2025-27652 is a Server-Side Request Forgery (SSRF) vulnerability, designated as rfIDEAS V-2023-015 and mapped to CWE-918, affecting Vasion Print (formerly PrinterLogic) in versions prior to Virtual Appliance Host 22.0.862 Application 20.0.2014. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability.

Remote unauthenticated attackers can exploit this SSRF flaw over the network with minimal effort. Exploitation enables severe consequences, including high-level compromise of confidentiality through unauthorized data access, integrity violations via data manipulation, and availability disruptions, all without privileges or user involvement.

Vendor advisories recommend upgrading to Virtual Appliance Host 22.0.862 Application 20.0.2014 or later for mitigation. Further details appear in PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18.