CVE-2025-27681
Published: 05 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27681 affects Vasion Print, formerly known as PrinterLogic, in versions before Virtual Appliance Host 1.0.735 Application 20.0.1330. The vulnerability stems from mishandling Client Inter-process Security V-2022-004, mapped to CWE-602 (Client-Side Enforcement of Server-Side Security). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to its network vector, low complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability.
An unauthenticated remote attacker can exploit this vulnerability over the network without privileges or user interaction. Exploitation enables high-level compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or full control over the affected appliance.
Vendor security bulletins provide mitigation guidance at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Additional details appear in Pierre Kim's analysis of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a critical unauthenticated remote code execution flaw in a public-facing print server appliance (CWE-602 client-side security enforcement bypass), directly enabling exploitation of public-facing applications for initial access and full system compromise.