CVE-2025-27641
Published: 05 March 2025
Summary
CVE-2025-27641 is a critical-severity Improper Authentication (CWE-287) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 explicitly defines and restricts user actions permitted without identification or authentication, directly preventing unauthenticated access to SSO APIs as exploited in this CVE.
AC-3 enforces approved authorizations for logical access, which would block the unauthenticated API access central to this improper authentication vulnerability.
SC-14 protects confidentiality and integrity while restricting public access to systems, mitigating remote unauthenticated exploitation of network-accessible SSO APIs.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper authentication vulnerability enabling unauthenticated remote access to SSO APIs on a public-facing virtual appliance directly facilitates exploitation of public-facing applications for initial access and potential full system compromise.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.
Deeper analysisAI
CVE-2025-27641 is a critical improper authentication vulnerability (CWE-287) in Vasion Print, formerly known as PrinterLogic, affecting versions before Virtual Appliance Host 22.0.951 Application 20.0.2368. It enables unauthenticated access to APIs for Single-Sign On, designated as V-2024-009. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its severe potential impact.
Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Successful exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially enabling full system control on affected appliances.
Mitigation guidance and patches are detailed in vendor advisories, including PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Additional analysis appears in Pierre Kim's blog post on 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.
Details
- CWE(s)