CVE-2025-27670
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27670 is an Insufficient Signature Validation vulnerability, identified as OVE-20230524-0014 and mapped to CWE-347 (Improper Authentication), affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 Application 20.0.1923. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.
Remote attackers need no privileges, authentication, or user interaction to exploit this over the network, and attack complexity is low. Successful exploitation has a high impact on confidentiality, integrity, and availability, enabling outcomes such as arbitrary code execution or full system compromise on affected appliances.
Mitigation guidance is available in PrinterLogic's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, which details patching to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later to address the signature validation flaw.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated remote code execution flaw in a public-facing virtual appliance (insufficient signature validation allowing arbitrary code execution or full compromise), directly enabling T1190 Exploit Public-Facing Application.