CVE-2025-27663
Published: 05 March 2025
Summary
CVE-2025-27663 is a critical-severity Weak Password Requirements (CWE-521) vulnerability in PrinterLogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks in the top 43.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
IA-5 requires protection of authenticators including passwords using cryptographic mechanisms, directly addressing weak password encryption or encoding in the Vasion Print appliance.
SC-28 implements cryptographic protection for information at rest, mitigating weak storage encryption of passwords that enables remote attacker extraction.
SI-2 mandates timely remediation of identified flaws like this weak password encryption vulnerability through application of vendor patches and upgrades.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Weak password encryption/encoding directly enables T1552 Unsecured Credentials by making stored or transmitted passwords easily recoverable. Because the flaw is reachable remotely and without authentication in a public-facing application (the virtual appliance), it can be exploited via T1190 Exploit Public-Facing Application, leading to full compromise.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.
Deeper analysis
CVE-2025-27663 is a critical vulnerability involving weak password encryption or encoding, designated OVE-20230524-0007 and mapped to CWE-521. It affects Vasion Print, formerly known as PrinterLogic, specifically Virtual Appliance Host versions before 22.0.843 and Application versions before 20.0.1923. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating severe risk because it is reachable over the network and has high impact on confidentiality, integrity, and availability.
Remote attackers need only network access to exploit this issue; no privileges, user interaction, or special attack complexity are required. Exploiting the weak password encryption or encoding can give an attacker a high level of compromise, potentially allowing unauthorized access to sensitive data, modification of the system, and disruption of service.
Mitigation guidance is provided in the official PrinterLogic security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm.
Details
- CWE(s)