CVE-2025-27671
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27671 is a device impersonation vulnerability, tracked as OVE-20230524-0015 and mapped to CWE-290 (Authentication Bypass by Spoofing), affecting Vasion Print (formerly PrinterLogic) in versions prior to Virtual Appliance Host 22.0.843 Application 20.0.1923. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its potential for severe impact across the confidentiality, integrity, and availability triads.
Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction. By impersonating legitimate devices, attackers gain unauthorized access, enabling high-impact compromise of the affected appliance, including potential data exfiltration, modification, or disruption of print management services.
Mitigation guidance is available in the vendor's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Affected deployments should upgrade to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later to address the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote unauthenticated authentication bypass via device spoofing in a network-accessible print management appliance, directly enabling exploitation of public-facing applications for initial access.