CVE-2025-27659
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27659 is a SQL injection vulnerability (CWE-89), tracked as OVE-20230524-0002, affecting Vasion Print, formerly known as PrinterLogic. The issue impacts Virtual Appliance Host versions before 22.0.843 with Application versions before 20.0.1923. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for severe impacts across confidentiality, integrity, and availability.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows high-impact outcomes, including unauthorized access to sensitive data, modification of database contents, and disruption of system availability, potentially leading to full compromise of the affected appliance.
Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, which corresponds to the vulnerable versions specified. Security practitioners should upgrade to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later to address the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remote unauthenticated SQL injection in the public-facing Vasion Print web application directly enables exploitation of a public-facing service, mapping to T1190.