CVE-2025-27651
Published: 05 March 2025
Summary
CVE-2025-27651 is a critical-severity SSRF (CWE-918) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the SSRF vulnerability by identifying, reporting, and applying vendor-recommended upgrades to Virtual Appliance Host 22.0.862 or later.
Validates and sanitizes user-supplied inputs like URLs to block SSRF exploitation in the affected PrinterLogic application.
Enforces information flow control policies to restrict the appliance from making unauthorized server-side requests to internal or external resources.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The described unauthenticated remote SSRF vulnerability in a public-facing virtual appliance directly enables the Exploit Public-Facing Application technique (T1190), allowing attackers to forge requests to internal/external resources and achieve full compromise with high CIA impact.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Server-Side Request Forgery: Elatec V-2023-014.
Deeper analysisAI
CVE-2025-27651 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting Vasion Print (formerly known as PrinterLogic) Virtual Appliance Host versions prior to 22.0.862 with Application 20.0.2014. This flaw, also referenced as Elatec V-2023-014, carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, and lack of prerequisites for exploitation.
The vulnerability enables exploitation by unauthenticated remote attackers over the network with no user interaction required. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability, potentially compromising the affected appliance by forging requests to internal or external resources.
Mitigation details are outlined in vendor security bulletins and related disclosures available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and http://seclists.org/fulldisclosure/2025/Apr/18. Security practitioners should upgrade to Virtual Appliance Host 22.0.862 or later with Application 20.0.2014 to address this issue.
Details
- CWE(s)