CVE-2025-27639
Published: 05 March 2025
Summary
CVE-2025-27639 is a high-severity Improper Privilege Management (CWE-269) vulnerability in PrinterLogic Vasion Print. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 33.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-27639 is a privilege escalation vulnerability (CWE-269, V-2024-015) in Vasion Print, formerly known as PrinterLogic. It affects the Virtual Appliance versions prior to Host 22.0.1002 and Application 20.0.2614. Published on 2025-03-05, the issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to its potential for significant impact.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation enables high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), allowing the attacker to escalate privileges within the affected appliance.
Advisories recommend updating to Virtual Appliance Host 22.0.1002 Application 20.0.2614 or later to mitigate the issue. Additional details are provided in the PrinterLogic security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6079
Vulnerability details
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote privilege escalation vulnerability (CWE-269) in Vasion Print Virtual Appliance that allows a low-privileged attacker to escalate privileges, directly mapping to Exploitation for Privilege Escalation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Requires timely flaw remediation by patching to Virtual Appliance Host 22.0.1002 Application 20.0.2614, directly eliminating the privilege escalation vulnerability.
- Enforces the least privilege principle to restrict low-privilege (PR:L) accounts from escalating to the high-impact access exploited in this CVE.
- Mandates enforcement mechanisms for access control policies that, when properly implemented, block unauthorized privilege escalation attempts over the network.