CVE-2025-27673
Published: 05 March 2025
Description
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Security Summary
CVE-2025-27673 is a high-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) affecting Vasion Print, formerly known as PrinterLogic, specifically versions of the Virtual Appliance Host before 22.0.843 Application 20.0.1923. The issue, tracked as OVE-20230524-0017 and mapped to CWE-539, involves cookies being returned in the response body, which can lead to information exposure.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables high-impact confidentiality and integrity violations, such as potential session hijacking or unauthorized access to sensitive data through exposed cookies.
Mitigation details and security bulletins are available from the vendor at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. The CVE was published on 2025-03-05T06:15:40.167.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability in public-facing web application exposes session cookies in response body, directly enabling remote exploitation (T1190) and theft of web session cookies for hijacking (T1539).