CVE-2025-27643

Critical

Published: 05 March 2025

Published

05 March 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 31.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27643 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 31.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unsecured Credentials (T1552) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Vendor patch to Virtual Appliance Host 22.0.933 Application 20.0.2368 or later directly removes the hardcoded AWS API key, preventing remote exploitation.

RA-5 Vulnerability Monitoring and Scanning partial match

preventdetect

Vulnerability scanning identifies affected pre-22.0.933 Virtual Appliance Host versions with the hardcoded AWS API key, enabling targeted remediation.

SI-5 Security Alerts, Advisories, and Directives partial match

detect

Subscription to vendor bulletins and researcher advisories like Pierre Kim's analysis facilitates early detection of the hardcoded AWS API key exposure for prompt patching.

MITRE ATT&CK Enterprise TechniquesAI

T1552 Unsecured Credentials Credential Access

Adversaries may search compromised systems to find and obtain insecurely stored credentials.

attack.mitre.org →

T1078.004 Cloud Accounts Stealth

Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

Why these techniques?

Hardcoded AWS API key exposure directly facilitates T1552 Unsecured Credentials (obtaining the exposed credential) and enables T1078.004 Valid Accounts (Cloud Accounts) by providing valid cloud authentication material for resource compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.

Deeper analysisAI

CVE-2025-27643, published on 2025-03-05, is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-798 (Use of Hard-coded Credentials). It affects Vasion Print, formerly known as PrinterLogic, specifically the Virtual Appliance Host versions before 22.0.933 with Application versions before 20.0.2368, where a hardcoded AWS API key (V-2024-006) is exposed.

The vulnerability enables remote attackers with no required privileges or user interaction to exploit it over the network with low attack complexity. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, primarily through misuse of the hardcoded AWS API key to compromise associated cloud resources.

Vendor and researcher advisories provide mitigation guidance, including the PrinterLogic (Vasion) security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18. Upgrading to Virtual Appliance Host 22.0.933 Application 20.0.2368 or later addresses the issue.

Details

CWE(s): CWE-798

Affected Products

printerlogic

vasion print

≤ 20.0.2368

printerlogic

virtual appliance

≤ 22.0.933

CVEs Like This One

CVE-2025-27662Same product: Printerlogic Vasion Print

CVE-2025-27648Same product: Printerlogic Vasion Print

CVE-2025-27663Same product: Printerlogic Vasion Print

CVE-2025-27656Same product: Printerlogic Vasion Print

CVE-2025-27645Same product: Printerlogic Vasion Print

CVE-2025-27659Same product: Printerlogic Vasion Print

CVE-2025-27674Same product: Printerlogic Vasion Print

CVE-2025-27668Same product: Printerlogic Vasion Print

CVE-2025-27669Same product: Printerlogic Vasion Print

CVE-2025-27664Same product: Printerlogic Vasion Print

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vendor Advisory · cve@mitre.org
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html
cve@mitre.org
http://seclists.org/fulldisclosure/2025/Apr/18
af854a3a-2127-422b-91ae-364da2661108