Cyber Resilience

CVE-2025-27649

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 30.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27649 is a critical-severity Improper Access Control (CWE-284) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27649 is an Incorrect Access Control vulnerability (CWE-284), identified as PHP V-2023-016, affecting Vasion Print (formerly PrinterLogic) in versions before Virtual Appliance Host 22.0.893 Application 20.0.2140. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

Remote attackers require no authentication privileges, user interaction, or special conditions beyond network access and low attack complexity to exploit the vulnerability. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing full system control on affected appliances.

Vendor advisories, independent researcher disclosures, and related bulletins provide mitigation guidance, including upgrade instructions to Virtual Appliance Host 22.0.893 Application 20.0.2140 or later. Key references include the PrinterLogic (Vasion) security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.893 Application 20.0.2140 allows Incorrect Access Control: PHP V-2023-016.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes an unauthenticated remote incorrect access control flaw (CWE-284) in a public-facing print management application with CVSS 9.8 (AV:N/PR:N), directly enabling initial access and full system compromise through exploitation of the exposed service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27646Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27671Same product: Printerlogic Vasion Print
CVE-2025-27670Same product: Printerlogic Vasion Print
CVE-2025-27652Same product: Printerlogic Vasion Print
CVE-2025-27665Same product: Printerlogic Vasion Print
CVE-2025-27675Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print
CVE-2025-27658Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.2140
printerlogic
virtual appliance
≤ 22.0.893

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by identifying, reporting, and applying the vendor-recommended upgrade to Virtual Appliance Host 22.0.893 Application 20.0.2140 or later to remediate the access control flaw.

prevent

Enforces approved authorizations for logical access, directly countering the incorrect access control (CWE-284) that allows unauthenticated remote exploitation.

prevent

Monitors and controls communications at system boundaries to block remote unauthenticated access attempts exploiting the network-accessible vulnerability.

References