CVE-2025-27667

CVE-2025-27667 is an Administrative User Email Enumeration vulnerability, tracked as OVE-20230524-0011, affecting Vasion Print (formerly known as PrinterLogic) Virtual Appliance versions prior to Host 22.0.843 Application 20.0.1923. The issue stems from CWE-203 (Observable Discrepancy), where differences in system responses allow inference of valid administrative user email addresses. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts across confidentiality, integrity, and availability.

Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. By sending crafted requests, they can enumerate valid administrative email addresses, potentially enabling further targeted attacks such as phishing, credential stuffing, or social engineering against administrators.

The PrinterLogic security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm provides details on mitigation, including upgrading to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later.