Cyber Resilience

CVE-2025-27657

Critical · RCE

Published: 05 March 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0160 (82.1th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27657 is a critical-severity Code Injection (CWE-94) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-7 (Boundary Protection).

Deeper analysis

Vasion Print, formerly known as PrinterLogic, is affected by CVE-2025-27657, a remote code execution flaw present in versions prior to Virtual Appliance Host 22.0.843 and Application 20.0.1923. The issue is tracked internally as V-2023-008 and is classified under CWE-94, indicating improper control over code generation that permits an attacker to inject and execute arbitrary code.

An unauthenticated attacker with network access can exploit the vulnerability without user interaction or credentials, achieving full compromise of confidentiality, integrity, and availability on the affected print management server. The CVSS 3.1 score of 9.8 reflects the low attack complexity and the potential for complete system takeover.

Vendor guidance published in the PrinterLogic security bulletin directs customers to upgrade to the fixed Virtual Appliance Host 22.0.843 and Application 20.0.1923 releases. Additional technical details and reproduction information appear in the April 2025 disclosure by Pierre Kim and the associated Full Disclosure mailing list post.

EPSS for the CVE rose from a low baseline to a peak of 0.0307 before settling at 0.0160, indicating measurable post-disclosure interest in exploitation.

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008.

CWE(s)

CWE-94 (Code Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

This is a remote unauthenticated code execution vulnerability (CWE-94) in a public-facing application (Vasion Print/PrinterLogic appliance), directly mapping to T1190 Exploit Public-Facing Application for initial access and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27668 · Same product: Printerlogic Vasion Print
CVE-2025-27671 · Same product: Printerlogic Vasion Print
CVE-2025-27670 · Same product: Printerlogic Vasion Print
CVE-2025-27652 · Same product: Printerlogic Vasion Print
CVE-2025-27665 · Same product: Printerlogic Vasion Print
CVE-2025-27678 · Same product: Printerlogic Vasion Print
CVE-2025-27675 · Same product: Printerlogic Vasion Print
CVE-2025-27664 · Same product: Printerlogic Vasion Print
CVE-2025-27651 · Same product: Printerlogic Vasion Print
CVE-2025-27658 · Same product: Printerlogic Vasion Print

Affected Assets

printerlogic · vasion print · ≤ 20.0.1923
printerlogic · virtual appliance · ≤ 22.0.843

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates the unauthenticated RCE vulnerability by requiring timely installation of vendor patches as detailed in security bulletins for affected Vasion Print versions.

prevent

Prevents remote exploitation by enforcing boundary protections that restrict network access to the vulnerable virtual appliance from untrusted sources.

detect

Identifies the presence of the vulnerable PrinterLogic appliance version through regular vulnerability scanning, enabling prioritization of remediation.
