CVE-2025-27645

Critical

Published: 05 March 2025

Published

05 March 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 32.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27645 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved authorizations for access to system resources, directly preventing unauthenticated extension installation due to incorrect server-side HTTP permission handling.

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 explicitly defines and limits actions permissible without identification or authentication, mitigating the vulnerability's allowance of insecure extension installs via unauthenticated HTTP methods.

SI-2 Flaw Remediation good match

prevent

SI-2 requires timely identification, reporting, and correction of flaws like this incorrect authorization vulnerability, aligning with the vendor's upgrade mitigation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

Unauthenticated remote exploitation of public-facing app (T1190) directly enables installation of malicious server extensions for code execution/persistence (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005.

Deeper analysisAI

CVE-2025-27645 affects Vasion Print, formerly known as PrinterLogic, in versions before Virtual Appliance Host 22.0.933 Application 20.0.2368. The vulnerability enables insecure extension installation by trusting HTTP permission methods on the server side, tracked as V-2024-005 and mapped to CWE-863 (Incorrect Authorization). It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially leading to full system control through malicious extensions.

Mitigation requires upgrading to Virtual Appliance Host 22.0.933 Application 20.0.2368 or later. Relevant advisories include PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/18.

This vulnerability is part of a larger set of 83 flaws disclosed in Vasion Print/PrinterLogic products.

Details

CWE(s): CWE-863

Affected Products

printerlogic

vasion print

≤ 20.0.2368

printerlogic

virtual appliance

≤ 22.0.933

CVEs Like This One

CVE-2025-27659Same product: Printerlogic Vasion Print

CVE-2025-27668Same product: Printerlogic Vasion Print

CVE-2025-27664Same product: Printerlogic Vasion Print

CVE-2025-27642Same product: Printerlogic Vasion Print

CVE-2025-27651Same product: Printerlogic Vasion Print

CVE-2025-27641Same product: Printerlogic Vasion Print

CVE-2025-27652Same product: Printerlogic Vasion Print

CVE-2025-27649Same product: Printerlogic Vasion Print

CVE-2025-27657Same product: Printerlogic Vasion Print

CVE-2025-27665Same product: Printerlogic Vasion Print

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vendor Advisory · cve@mitre.org
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html
cve@mitre.org
http://seclists.org/fulldisclosure/2025/Apr/18
af854a3a-2127-422b-91ae-364da2661108