CVE-2025-27669
Published: 05 March 2025
Summary
CVE-2025-27669 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the specific uncontrolled resource consumption flaw by applying vendor patches to affected Virtual Appliance Host versions.
Implements denial-of-service protections such as rate limiting and traffic filtering to block remote network scanning exploits causing resource exhaustion.
Ensures controlled allocation and deallocation of system resources to mitigate uncontrolled consumption triggered by unauthenticated network scanning.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in remotely accessible public-facing print appliance allows unauthenticated exploitation causing resource exhaustion DoS, directly mapping to T1190 (exploit public-facing app for DoS) and T1499.004 (application/system exploitation for endpoint DoS).
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Network Scanning (XSPA)/DoS OVE-20230524-0013.
Deeper analysisAI
CVE-2025-27669 is a Remote Network Scanning (XSPA)/DoS vulnerability, tracked internally as OVE-20230524-0013, affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions before 22.0.843 Application 20.0.1923. It stems from CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact disruption to availability with no effects on confidentiality or integrity.
The vulnerability can be exploited by unauthenticated attackers accessible over the network, requiring low attack complexity and no user interaction. Exploitation triggers a denial-of-service condition on the Virtual Appliance Host, potentially rendering print management services unavailable.
Mitigation guidance is available in PrinterLogic's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. Affected systems should be updated to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later to remediate the issue.
Details
- CWE(s)