Cyber Resilience

CVE-2025-27645

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 30.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27645 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-27645 affects Vasion Print, formerly known as PrinterLogic, in versions before Virtual Appliance Host 22.0.933 Application 20.0.2368. The vulnerability enables insecure extension installation by trusting HTTP permission methods on the server side, tracked as V-2024-005 and mapped to CWE-863 (Incorrect Authorization). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially leading to full system control through malicious extensions.

Mitigation requires upgrading to Virtual Appliance Host 22.0.933 Application 20.0.2368 or later. Relevant advisories include PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18.

This vulnerability is part of a larger set of 83 flaws disclosed in Vasion Print/PrinterLogic products.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unauthenticated remote exploitation of public-facing app (T1190) directly enables installation of malicious server extensions for code execution/persistence (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27671Same product: Printerlogic Vasion Print
CVE-2025-27670Same product: Printerlogic Vasion Print
CVE-2025-27652Same product: Printerlogic Vasion Print
CVE-2025-27665Same product: Printerlogic Vasion Print
CVE-2025-27675Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print
CVE-2025-27658Same product: Printerlogic Vasion Print
CVE-2025-27642Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.2368
printerlogic
virtual appliance
≤ 22.0.933

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-3 enforces approved authorizations for access to system resources, directly preventing unauthenticated extension installation due to incorrect server-side HTTP permission handling.

prevent

AC-14 explicitly defines and limits actions permissible without identification or authentication, mitigating the vulnerability's allowance of insecure extension installs via unauthenticated HTTP methods.

prevent

SI-2 requires timely identification, reporting, and correction of flaws like this incorrect authorization vulnerability, aligning with the vendor's upgrade mitigation.

References