CVE-2025-27669
Published: 05 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-27669 is a Remote Network Scanning (XSPA)/DoS vulnerability, tracked internally as OVE-20230524-0013, affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions before 22.0.843 Application 20.0.1923. It stems from CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact disruption to availability with no effects on confidentiality or integrity.
The vulnerability can be exploited by unauthenticated attackers accessible over the network, requiring low attack complexity and no user interaction. Exploitation triggers a denial-of-service condition on the Virtual Appliance Host, potentially rendering print management services unavailable.
Mitigation guidance is available in PrinterLogic's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Affected systems should be updated to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later to remediate the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in remotely accessible public-facing print appliance allows unauthenticated exploitation causing resource exhaustion DoS, directly mapping to T1190 (exploit public-facing app for DoS) and T1499.004 (application/system exploitation for endpoint DoS).