Cyber Posture

CVE-2025-27684

High

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0013 31.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Security Summary

CVE-2025-27684 is a vulnerability in Vasion Print, formerly known as PrinterLogic, affecting Virtual Appliance Host versions before 1.0.735 with Application versions before 20.0.1330. It involves the debug bundle containing sensitive data, mapped to CWE-215 (cleartext storage of sensitive information). The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to network-accessible confidentiality impact.

Remote attackers require no privileges, authentication, or user interaction and face low attack complexity to exploit this flaw. Successful exploitation enables disclosure of sensitive data within the debug bundle, potentially compromising configuration details, credentials, or other proprietary information hosted on the appliance.

Advisories recommend upgrading to Virtual Appliance Host 1.0.735 Application 20.0.1330 or later to mitigate the issue. Additional details on patches and remediation are available in PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's disclosure of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18.

Details

CWE(s)
CWE-215

Affected Products

printerlogic
vasion print
≤ 20.0.1330
printerlogic
virtual appliance
≤ 1.0.735

MITRE ATT&CK Enterprise Techniques

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
Why these techniques?

Vulnerability enables remote unauthenticated access to a debug bundle with cleartext sensitive data including credentials, directly facilitating T1552.001 by providing unsecured credentials in files.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References