CVE-2025-27683
Published: 05 March 2025
Description
Adversaries may transfer tools or other files from an external system into a compromised environment.
Security Summary
CVE-2025-27683 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions before 1.0.735 Application 20.0.1330. The vulnerability enables unrestricted upload of files with dangerous types, specifically drivers, and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). Published on 2025-03-05, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
An authenticated attacker with low privileges can exploit this vulnerability remotely over the network without requiring user interaction. Exploitation allows uploading malicious driver files, potentially leading to high-impact compromise of the affected system, including unauthorized access, modification, or disruption.
Official mitigation guidance recommends upgrading to Virtual Appliance Host 1.0.735 Application 20.0.1330 or later. Additional details are provided in security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's advisory at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload vulnerability (CWE-434) in a network-accessible application directly enables remote exploitation of a public-facing app (T1190) and allows transfer of malicious driver files into the target environment (T1105).