CVE-2025-27657
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27657 is a remote code execution vulnerability (CWE-94) affecting Vasion Print, formerly known as PrinterLogic, in versions before Virtual Appliance Host 22.0.843 Application 20.0.1923. Designated as V-2023-008, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
An unauthenticated attacker with network access can exploit the vulnerability remotely, with low attack complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, allowing arbitrary code execution on the affected appliance.
Vendor security bulletins, available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with Pierre Kim's disclosure of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and the Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18, provide further details on patches and mitigation steps.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This is a remote unauthenticated code execution vulnerability (CWE-94) in a public-facing application (Vasion Print/PrinterLogic appliance), directly mapping to T1190 Exploit Public-Facing Application for initial access and arbitrary code execution.