CVE-2025-27656

Critical

Published: 05 March 2025

Published

05 March 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0013 32.1th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27656 is a critical-severity Plaintext Storage of a Password (CWE-256) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match

prevent

IA-5 requires managing and protecting authenticators such as passwords from unauthorized disclosure, directly preventing plain-text storage in accessible process lists.

SC-7 Boundary Protection good match

prevent

SC-7 enforces boundary protection to monitor and control communications at external interfaces, preventing remote unauthorized access to the process list containing plain-text passwords.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates identification, reporting, and timely remediation of flaws like this plain-text password exposure through vendor patching or upgrades.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1552 Unsecured Credentials Credential Access

Adversaries may search compromised systems to find and obtain insecurely stored credentials.

attack.mitre.org →

Why these techniques?

Vulnerability in public-facing Vasion Print appliance allows remote unauthenticated access to process list exposing plaintext passwords, directly enabling T1190 for initial access and T1552 for obtaining unsecured credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.

Deeper analysisAI

CVE-2025-27656 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, specifically affecting versions before Virtual Appliance Host 22.0.862 Application 20.0.2014. The issue involves passwords stored in plain text in the process list, classified under CWE-256 (Plain-text Storage of a Password). It received a CVSS v3.1 base score of 9.8, reflecting its high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and significant impacts on confidentiality, integrity, and availability.

Remote attackers without authentication can exploit this vulnerability by accessing the process list, potentially extracting sensitive passwords. Successful exploitation enables high-level compromise, including unauthorized access to credentials that could lead to further system takeover, data exfiltration, or disruption of print management services.

Mitigation requires upgrading to Virtual Appliance Host 22.0.862 Application 20.0.2014 or later. Vendor security bulletins and advisories provide additional details, available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with disclosure analyses such as Pierre Kim's report on 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.

Details

CWE(s): CWE-256

Affected Products

printerlogic

vasion print

≤ 20.0.2014

printerlogic

virtual appliance

≤ 22.0.862

CVEs Like This One

CVE-2025-27662Same product: Printerlogic Vasion Print

CVE-2025-27663Same product: Printerlogic Vasion Print

CVE-2025-27648Same product: Printerlogic Vasion Print

CVE-2025-27641Same product: Printerlogic Vasion Print

CVE-2025-27666Same product: Printerlogic Vasion Print

CVE-2025-27659Same product: Printerlogic Vasion Print

CVE-2025-27652Same product: Printerlogic Vasion Print

CVE-2025-27649Same product: Printerlogic Vasion Print

CVE-2025-27668Same product: Printerlogic Vasion Print

CVE-2025-27681Same product: Printerlogic Vasion Print

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vendor Advisory · cve@mitre.org
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html
cve@mitre.org
http://seclists.org/fulldisclosure/2025/Apr/18
af854a3a-2127-422b-91ae-364da2661108