CVE-2025-27663
Published: 05 March 2025
Description
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Security Summary
CVE-2025-27663 is a critical vulnerability involving weak password encryption or encoding, designated as OVE-20230524-0007 and mapped to CWE-521. It affects Vasion Print, formerly known as PrinterLogic, specifically Virtual Appliance Host versions before 22.0.843 and Application versions before 20.0.1923. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating severe risk: it is reachable over the network and has high impact on confidentiality, integrity, and availability.
Remote attackers require only network access to exploit this issue, with no privileges, user interaction, or special complexity needed. Exploitation of the weak password encryption or encoding can enable attackers to achieve high-level compromise, potentially allowing unauthorized access to sensitive data, system modification, and service disruption.
Mitigation guidance is provided in the official PrinterLogic security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Weak password encryption/encoding directly enables T1552 Unsecured Credentials by making stored or transmitted passwords easily recoverable. Because the flaw is remotely reachable without authentication in a public-facing application (the virtual appliance), it can be exploited via T1190 Exploit Public-Facing Application, leading to full compromise.