Cyber Posture

CVE-2025-27646

Critical

Published: 05 March 2025

Modified: 03 November 2025
KEV Added: not listed
Patch: see the vendor security bulletins referenced below
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.1st percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27646 is a critical-severity Improper Access Control (CWE-284) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Account Manipulation (T1098). The CVE is ranked at the 32.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Account Manipulation (T1098) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

AC-3 (prevent): AC-3 mandates enforcement of approved authorizations for access to system resources, directly countering the improper access control that permits unauthenticated remote editing of user accounts.

AC-6 (prevent): AC-6 enforces least privilege, ensuring that editing user accounts requires explicit authorization and privileges, mitigating the PR:N (no privileges required) exploitation vector.

AC-2 (prevent): AC-2 provides systematic management of accounts, including authorization for modifications, which limits unauthorized changes even where the exposure remains unpatched.

MITRE ATT&CK Enterprise Techniques [AI-generated]

- T1098 Account Manipulation (Persistence): Adversaries may manipulate accounts to maintain and/or elevate access to victim systems.
- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability allows remote unauthenticated editing of user accounts via improper access control in a public-facing virtual appliance, directly enabling T1098 Account Manipulation and mapping to T1190 Exploit Public-Facing Application for initial access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Edit User Account Exposure V-2024-001.

Deeper analysis [AI-generated]

CVE-2025-27646 is an Edit User Account Exposure vulnerability, designated V-2024-001, affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions before 22.0.913 with Application 20.0.2253. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical, and maps to CWE-284 (Improper Access Control). The CVE was published on 2025-03-05T06:15:36.257.

Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, because the exposed functionality grants unauthorized edit access to user accounts.

Vendor advisories, including security bulletins, are published at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Further details appear in Pierre Kim's analysis of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and on the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.

Details

CWE(s): CWE-284 (Improper Access Control)

Affected Products:
- printerlogic vasion print ≤ 20.0.2253
- printerlogic virtual appliance ≤ 22.0.913

CVEs Like This One

- CVE-2025-27649 (same product: Printerlogic Vasion Print)
- CVE-2025-27642 (same product: Printerlogic Vasion Print)
- CVE-2025-27651 (same product: Printerlogic Vasion Print)
- CVE-2025-27668 (same product: Printerlogic Vasion Print)
- CVE-2025-27641 (same product: Printerlogic Vasion Print)
- CVE-2025-27657 (same product: Printerlogic Vasion Print)
- CVE-2025-27665 (same product: Printerlogic Vasion Print)
- CVE-2025-27675 (same product: Printerlogic Vasion Print)
- CVE-2025-27659 (same product: Printerlogic Vasion Print)
- CVE-2025-27664 (same product: Printerlogic Vasion Print)
