Cyber Resilience

CVE-2025-27665

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0025 48.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27665 is a critical-severity Protection Mechanism Failure (CWE-693) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2025-27665 is a high-severity vulnerability (CVSS 3.1 score of 9.8) involving insufficient antivirus protection in Vasion Print, formerly known as PrinterLogic, specifically affecting versions prior to Virtual Appliance Host 22.0.843 Application 20.0.1923. The flaw, classified under CWE-693 (Protection Mechanism Failure), enables drivers containing known malicious code identified as OVE-20230524-0009 to bypass detection and execute. It was published on 2025-03-05.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges, user interaction, or special conditions (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation grants high-impact access to confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data theft, system compromise, or denial of service on affected appliances.

Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, which likely covers patching to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code OVE-20230524-0009.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a remote code execution flaw in a network-accessible virtual appliance (Vasion Print) due to insufficient antivirus protection allowing malicious drivers to bypass detection and execute, directly mapping to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print
CVE-2025-27671Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print
CVE-2025-27670Same product: Printerlogic Vasion Print
CVE-2025-27641Same product: Printerlogic Vasion Print
CVE-2025-27681Same product: Printerlogic Vasion Print
CVE-2025-27658Same product: Printerlogic Vasion Print
CVE-2025-27652Same product: Printerlogic Vasion Print
CVE-2025-27672Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.1923
printerlogic
virtual appliance
≤ 22.0.843

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventdetect

Directly requires malicious code protection mechanisms, including antivirus scanning and signature updates, which were insufficient in this CVE allowing known malicious drivers (OVE-20230524-0009) to bypass detection and execute.

prevent

Mandates identification, reporting, and timely correction of flaws like this protection mechanism failure, aligning with the vendor patch to Virtual Appliance Host 22.0.843 Application 20.0.1923.

detect

Requires integrity checks on software and firmware, which could detect unauthorized modifications or execution by malicious drivers that bypassed antivirus.

References