Cyber Posture

CVE-2025-27658

Critical

Published: 05 March 2025

Modified: 01 April 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (12.3th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-27658 is an authentication bypass vulnerability, tracked as OVE-20230524-0001, affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application versions prior to 20.0.1923. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-288 (Authentication Bypass Using an Alternate Path or Channel).

Unauthenticated attackers with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Exploitation enables bypassing authentication controls, potentially leading to high-impact compromise of confidentiality, integrity, and availability on affected systems.

Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, which addresses the issue in Virtual Appliance Host 22.0.843 and Application 20.0.1923.

Details

CWE(s)
CWE-288

Affected Products

printerlogic vasion print ≤ 20.0.1923
printerlogic virtual appliance ≤ 22.0.843

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The authentication bypass in the public-facing Vasion Print appliance directly enables T1190: Exploit Public-Facing Application for initial unauthenticated network access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
