CVE-2025-27685
Published: 05 March 2025
Description
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials.
Security Summary
CVE-2025-27685 is a vulnerability in Vasion Print, formerly known as PrinterLogic, affecting versions before Virtual Appliance Host 1.0.735 Application 20.0.1330. A configuration file exposes a Certificate Authority (CA) certificate and private key, which corresponds to CWE-312 (Cleartext Storage of Sensitive Information). The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting a high confidentiality impact and a network attack vector.
Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows remote retrieval of the configuration file, yielding the CA certificate and private key, which could facilitate subsequent attacks like impersonation or interception of print-related communications.
Mitigation requires updating to Virtual Appliance Host 1.0.735 Application 20.0.1330 or later. Vendor security bulletins are available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, alongside details in Pierre Kim's disclosure of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes a CA certificate and private key in cleartext within a remotely retrievable configuration file, directly enabling adversaries to obtain private keys.