CVE-2025-27666
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27666 is a vulnerability involving insufficient authorization checks (CWE-862, identified as OVE-20230524-0010) in Vasion Print, formerly known as PrinterLogic. It affects versions before Virtual Appliance Host 22.0.843 Application 20.0.1923. The issue was published on 2025-03-05 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for widespread impact.
Unauthenticated attackers can exploit this vulnerability remotely over the network, with low attack complexity and no user interaction required. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing attackers to read, modify, or delete data, execute arbitrary code, or disrupt services on affected systems.
Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes insufficient authorization checks enabling unauthenticated remote exploitation of a public-facing application (Vasion Print/PrinterLogic), directly mapping to T1190: Exploit Public-Facing Application. The critical severity and potential for arbitrary code execution, data access, or service disruption confirm this as the primary technique facilitated by the vulnerability.