CVE-2025-27677
Published: 05 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-27677 is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Vasion Print, formerly known as PrinterLogic, in versions before Virtual Appliance Host 22.0.843 Application 20.0.1923. The issue, tracked as V-2022-002, enables symbolic links for unprivileged file interaction and is classified under CWE-276 (Incorrect Default Permissions). It was published on 2025-03-05.
The vulnerability can be exploited by unauthenticated remote attackers with low complexity and no user interaction required. Exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially enabling attackers to interact with files outside privileged scopes via symbolic links.
Mitigation details are available in the vendor's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Further analysis is available in researcher Pierre Kim's write-up of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and in the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/18. Updating to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later addresses the issue.
This vulnerability is part of a larger disclosure of 83 flaws in the Vasion Print/PrinterLogic platform documented by Pierre Kim. No real-world exploitation in the wild is noted in available details.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote, unauthenticated flaw in a public-facing print application, which maps directly to T1190 (Exploit Public-Facing Application) for initial access. It also permits file interaction outside privileged scopes via symbolic links, which facilitates T1005 (Data from Local System) for collection of data from the compromised host.