Cyber Posture

CVE-2025-27656

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 32.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may search compromised systems to find and obtain insecurely stored credentials.

Security Summary

CVE-2025-27656 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, specifically affecting versions before Virtual Appliance Host 22.0.862 Application 20.0.2014. The issue involves passwords stored in plain text in the process list, classified under CWE-256 (Plain-text Storage of a Password). It received a CVSS v3.1 base score of 9.8, reflecting its high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and significant impacts on confidentiality, integrity, and availability.

Remote attackers without authentication can exploit this vulnerability by accessing the process list, potentially extracting sensitive passwords. Successful exploitation enables high-level compromise, including unauthorized access to credentials that could lead to further system takeover, data exfiltration, or disruption of print management services.

Mitigation requires upgrading to Virtual Appliance Host 22.0.862 Application 20.0.2014 or later. Vendor security bulletins and advisories provide additional details, available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with disclosure analyses such as Pierre Kim's report on 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.

Details

CWE(s)
CWE-256

Affected Products

printerlogic
vasion print
≤ 20.0.2014
printerlogic
virtual appliance
≤ 22.0.862

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
attack.mitre.org →
Why these techniques?

Vulnerability in public-facing Vasion Print appliance allows remote unauthenticated access to process list exposing plaintext passwords, directly enabling T1190 for initial access and T1552 for obtaining unsecured credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References