CVE-2025-27658
Published: 05 March 2025
Summary
CVE-2025-27658 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in PrinterLogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 12.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-14 requires explicitly identifying and approving the user actions that may be performed without identification or authentication, which directly counters CWE-288 authentication bypass using alternate paths or channels.
AC-3 enforces approved authorizations for logical access, preventing unauthenticated attackers from compromising confidentiality, integrity, and availability via this bypass vulnerability.
SI-2 mandates identification, reporting, and correction of flaws like this CVE through patching to Virtual Appliance Host 22.0.843 and Application 20.0.1923.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An authentication bypass in the public-facing Vasion Print appliance directly enables T1190 (Exploit Public-Facing Application) for initial unauthenticated network access.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Authentication Bypass OVE-20230524-0001.
Deeper analysis
CVE-2025-27658 is an authentication bypass vulnerability, tracked as OVE-20230524-0001, affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application versions prior to 20.0.1923. Published on 2025-03-05, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-288 (Authentication Bypass Using an Alternate Path or Channel).
Unauthenticated attackers with network access can exploit this vulnerability due to its low attack complexity and lack of required privileges or user interaction. Exploitation enables bypassing authentication controls, potentially leading to high-impact compromise of confidentiality, integrity, and availability on affected systems.
Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. The issue is addressed in Virtual Appliance Host 22.0.843 and Application 20.0.1923.
Details
- CWE(s)