CVE-2025-27665
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27665 is a high-severity vulnerability (CVSS 3.1 score of 9.8) involving insufficient antivirus protection in Vasion Print, formerly known as PrinterLogic, specifically affecting versions prior to Virtual Appliance Host 22.0.843 Application 20.0.1923. The flaw, classified under CWE-693 (Protection Mechanism Failure), enables drivers containing known malicious code identified as OVE-20230524-0009 to bypass detection and execute. It was published on 2025-03-05.
Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, user interaction, or special conditions (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation grants high-impact access to confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data theft, system compromise, or denial of service on affected appliances.
Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, which likely covers patching to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote code execution flaw in a network-accessible virtual appliance (Vasion Print) due to insufficient antivirus protection allowing malicious drivers to bypass detection and execute, directly mapping to exploitation of a public-facing application.