CVE-2025-27678
Published: 05 March 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-27678 is a client remote code execution vulnerability (CWE-94) in Vasion Print, formerly known as PrinterLogic, affecting versions before Virtual Appliance Host 22.0.843 and Application 20.0.1923. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact without authentication or user interaction.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity. Successful exploitation enables remote code execution on affected clients, compromising confidentiality, integrity, and availability to a high degree.
Mitigation requires upgrading to Virtual Appliance Host 22.0.843 and Application 20.0.1923 or later. Additional details on patches and advisories are available from three sources: PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an unauthenticated client-side remote code execution vulnerability (CWE-94) in Vasion Print that allows remote attackers to execute arbitrary code on affected clients with no user interaction. This maps directly to Exploitation for Client Execution.