CVE-2025-27675

CVE-2025-27675 affects Vasion Print, formerly known as PrinterLogic, specifically versions of the Virtual Appliance Host before 22.0.843 with Application 20.0.1923. The vulnerability stems from a flawed OpenID implementation designated V-2023-004 and is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impacts across confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation grants high-level access to sensitive information and enables significant disruption, including manipulation of data (high integrity impact) and denial of service (high availability impact).

Mitigation details and security bulletins are documented in vendor advisories at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with independent analysis at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18. Upgrading to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later addresses the issue.