Cyber Posture

CVE-2025-27647

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27647 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 33.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-2 (Account Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Directly prohibits critical functions like adding partial admin users without identification or authentication, addressing the core CWE-306 vulnerability.

AC-2 Account Management good match
prevent

Requires management of account creation and modification processes to ensure only authorized entities can add admin users, preventing unauthorized account provisioning.

AC-3 Access Enforcement good match
prevent

Mandates enforcement of access control policies at the system level to block unauthenticated access to admin user addition functions.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1136.001 Local Account Persistence
Adversaries may create a local account to maintain access to victim systems.
attack.mitre.org →
Why these techniques?

Authentication bypass in public-facing Vasion Print appliance directly enables remote exploitation of the application (T1190) to create unauthorized local admin accounts (T1136.001) without credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Addition of Partial Admin Users Without Authentication V-2024-002.

Deeper analysisAI

CVE-2025-27647 is a critical authentication bypass vulnerability (CWE-306: Missing Authentication for Critical Function) in Vasion Print, formerly known as PrinterLogic, affecting versions prior to Virtual Appliance Host 22.0.913 Application 20.0.2253. The flaw allows unauthenticated attackers to add partial admin users without proper authentication checks, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It was published on 2025-03-05.

Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables the creation of partial admin accounts, potentially granting high-impact unauthorized access to confidentiality, integrity, and availability of the affected appliance, leading to full system compromise.

Vendor security bulletins and advisories, including those at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, detail mitigation through upgrading to Virtual Appliance Host 22.0.913 Application 20.0.2253 or later. Additional analysis is available in Pierre Kim's disclosure at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.

Details

CWE(s)
CWE-306

Affected Products

printerlogic
vasion print
≤ 20.0.2253
printerlogic
virtual appliance
≤ 22.0.913

CVEs Like This One

CVE-2025-27642Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print
CVE-2025-27649Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27641Same product: Printerlogic Vasion Print
CVE-2025-27657Same product: Printerlogic Vasion Print
CVE-2025-27665Same product: Printerlogic Vasion Print
CVE-2025-27675Same product: Printerlogic Vasion Print
CVE-2025-27659Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print

References