Cyber Resilience

CVE-2025-27672

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 14.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27672 is a critical-severity Improper Authentication (CWE-287) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27672 is an OAuth security bypass vulnerability (tracked internally as OVE-20230524-0016) affecting Vasion Print, formerly known as PrinterLogic, specifically versions of the Virtual Appliance Host prior to 22.0.843 and the Application prior to 20.0.1923. Assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it stems from CWE-287 (Improper Authentication), enabling attackers to circumvent authentication mechanisms in the OAuth flow.

Remote attackers require no privileges or user interaction and can exploit this over the network with low complexity. Successful exploitation grants high-impact access, compromising confidentiality, integrity, and availability, potentially allowing full control over the affected virtual appliance.

The vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm details mitigation steps, including upgrading to Virtual Appliance Host 22.0.843 or later and Application 20.0.1923 or later.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows OAUTH Security Bypass OVE-20230524-0016.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes an authentication bypass (CWE-287) in a public-facing Vasion Print virtual appliance, allowing remote unauthenticated attackers to gain full control over the system. This directly maps to exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27641Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27671Same product: Printerlogic Vasion Print
CVE-2025-27670Same product: Printerlogic Vasion Print
CVE-2025-27652Same product: Printerlogic Vasion Print
CVE-2025-27665Same product: Printerlogic Vasion Print
CVE-2025-27675Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print
CVE-2025-27658Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.1923
printerlogic
virtual appliance
≤ 22.0.843

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Requires timely identification, reporting, and correction of system flaws, directly mitigating the OAuth security bypass by applying vendor-recommended upgrades to patched versions.

prevent

Mandates secure requirements for identity providers and authorization servers used in OAuth flows, preventing authentication bypass vulnerabilities like CWE-287 in the virtual appliance.

prevent

Enforces identification and authentication for users and processes, addressing improper authentication in the OAuth mechanism to block unauthorized access.

References