CVE-2025-27664
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27664 is an insufficient Cross-Site Request Forgery (CSRF) protection vulnerability, classified under CWE-352 and tracked as OVE-20230524-0008, affecting Vasion Print (formerly known as PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 with Application versions prior to 20.0.1923. This flaw enables attackers to bypass CSRF protections in the print management software, which is commonly deployed in enterprise environments for centralized printer administration.
The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity and no required privileges, though it necessitates user interaction. Unauthenticated attackers can craft malicious web pages or links that trick authenticated users—such as administrators—into involuntarily executing unauthorized actions on the Vasion Print appliance, potentially leading to high-impact compromise of confidentiality, integrity, and availability, including data exfiltration, modification of print configurations, or full system takeover.
Mitigation details are outlined in the official PrinterLogic security bulletins available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, which security practitioners should consult for patching instructions and workarounds specific to affected versions.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a CSRF vulnerability in a network-accessible web-based print management application, enabling attackers to craft malicious links/pages that trick authenticated users into performing unauthorized high-impact actions on the appliance, directly mapping to exploitation of a public-facing application for initial access or compromise.