Cyber Resilience

CVE-2025-27656

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0012 30.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27656 is a critical-severity Plaintext Storage of a Password (CWE-256) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 30.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2025-27656 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, specifically affecting versions before Virtual Appliance Host 22.0.862 Application 20.0.2014. The issue involves passwords stored in plain text in the process list, classified under CWE-256 (Plain-text Storage of a Password). It received a CVSS v3.1 base score of 9.8, reflecting its high severity due to network accessibility, low attack complexity, no required privileges or user interaction, and significant impacts on confidentiality, integrity, and availability.

Remote attackers without authentication can exploit this vulnerability by accessing the process list, potentially extracting sensitive passwords. Successful exploitation enables high-level compromise, including unauthorized access to credentials that could lead to further system takeover, data exfiltration, or disruption of print management services.

Mitigation requires upgrading to Virtual Appliance Host 22.0.862 Application 20.0.2014 or later. Vendor security bulletins and advisories provide additional details, available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with disclosure analyses such as Pierre Kim's report on 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552 Unsecured Credentials Credential Access
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

Vulnerability in public-facing Vasion Print appliance allows remote unauthenticated access to process list exposing plaintext passwords, directly enabling T1190 for initial access and T1552 for obtaining unsecured credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27662Same product: Printerlogic Vasion Print
CVE-2025-27663Same product: Printerlogic Vasion Print
CVE-2025-27648Same product: Printerlogic Vasion Print
CVE-2025-27681Same product: Printerlogic Vasion Print
CVE-2025-27642Same product: Printerlogic Vasion Print
CVE-2025-27658Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27652Same product: Printerlogic Vasion Print
CVE-2025-27666Same product: Printerlogic Vasion Print
CVE-2025-27672Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.2014
printerlogic
virtual appliance
≤ 22.0.862

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 requires managing and protecting authenticators such as passwords from unauthorized disclosure, directly preventing plain-text storage in accessible process lists.

prevent

SC-7 enforces boundary protection to monitor and control communications at external interfaces, preventing remote unauthorized access to the process list containing plain-text passwords.

prevent

SI-2 mandates identification, reporting, and timely remediation of flaws like this plain-text password exposure through vendor patching or upgrades.

References