CVE-2025-27650
Published: 05 March 2025
Summary
CVE-2025-27650 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Private Keys (T1552.004); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires cryptographic or access protection for sensitive information at rest, directly preventing exposure of private keys stored in the Docker overlay filesystem.
Mandates secure management and protection of authenticators such as private keys to prevent unauthorized disclosure in storage like Docker overlays.
Establishes requirements for secure storage and access control of cryptographic keys, addressing the insecure storage of private keys in the Docker overlay.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability directly exposes private keys due to insufficient protection (CWE-522), enabling T1552.004 Private Keys for credential access.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013.
Deeper analysisAI
CVE-2025-27650 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, affecting versions prior to Virtual Appliance Host 22.0.862 and Application 20.0.2014. It involves private keys being accessible in Docker Overlay V-2023-013, mapped to CWE-522 (Insufficiently Protected Credentials). The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its severe potential impact.
Remote attackers require no privileges or user interaction to exploit this over the network with low complexity. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, primarily through unauthorized access to private keys stored insecurely in the Docker overlay.
Advisories and additional details are available in PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/18. Affected deployments should upgrade to Virtual Appliance Host 22.0.862 Application 20.0.2014 or later to mitigate the issue.
Details
- CWE(s)