Cyber Posture

CVE-2025-27666

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0039 59.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27666 is a critical-severity Missing Authorization (CWE-862) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 40.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

AC-3 mandates enforcement of approved authorizations for access to system resources, directly addressing the insufficient authorization checks that enable unauthenticated remote exploitation.

SI-2 Flaw Remediation good match
prevent

SI-2 requires timely identification, reporting, and remediation of flaws like CVE-2025-27666 through patching to virtual appliance versions 22.0.843 and later.

AC-6 Least Privilege partial match
prevent

AC-6 enforces least privilege to restrict the impact of unauthorized access even when authorization checks are insufficient.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

The CVE describes insufficient authorization checks enabling unauthenticated remote exploitation of a public-facing application (Vasion Print/PrinterLogic), directly mapping to T1190: Exploit Public-Facing Application. The critical severity and potential for arbitrary code execution, data access, or service disruption confirm this as the primary technique facilitated by the vulnerability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Authorization Checks OVE-20230524-0010.

Deeper analysisAI

CVE-2025-27666 is a vulnerability involving insufficient authorization checks (CWE-862, identified as OVE-20230524-0010) in Vasion Print, formerly known as PrinterLogic. It affects versions before Virtual Appliance Host 22.0.843 Application 20.0.1923. The issue was published on 2025-03-05 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for widespread impact.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation grants high-impact access to confidentiality, integrity, and availability, enabling attackers to potentially read, modify, or delete data, execute arbitrary code, or disrupt services on affected systems.

Mitigation details are available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm.

Details

CWE(s)
CWE-862

Affected Products

printerlogic
vasion print
≤ 20.0.1923
printerlogic
virtual appliance
≤ 22.0.843

CVEs Like This One

CVE-2025-27642Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print
CVE-2025-27649Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27641Same product: Printerlogic Vasion Print
CVE-2025-27657Same product: Printerlogic Vasion Print
CVE-2025-27665Same product: Printerlogic Vasion Print
CVE-2025-27675Same product: Printerlogic Vasion Print
CVE-2025-27659Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print

References