Cyber Resilience

CVE-2025-27673

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0034 56.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27673 is a critical-severity Use of Persistent Cookies Containing Sensitive Information (CWE-539) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-27673 is a high-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) affecting Vasion Print, formerly known as PrinterLogic, specifically versions of the Virtual Appliance Host before 22.0.843 Application 20.0.1923. The issue, tracked as OVE-20230524-0017 and mapped to CWE-539, involves cookies being returned in the response body, which can lead to information exposure.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation enables high-impact confidentiality and integrity violations, such as potential session hijacking or unauthorized access to sensitive data through exposed cookies.

Mitigation details and security bulletins are available from the vendor at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm. The CVE was published on 2025-03-05T06:15:40.167.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Vulnerability in public-facing web application exposes session cookies in response body, directly enabling remote exploitation (T1190) and theft of web session cookies for hijacking (T1539).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27681Same product: Printerlogic Vasion Print
CVE-2025-27642Same product: Printerlogic Vasion Print
CVE-2025-27658Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27652Same product: Printerlogic Vasion Print
CVE-2025-27666Same product: Printerlogic Vasion Print
CVE-2025-27672Same product: Printerlogic Vasion Print
CVE-2025-27659Same product: Printerlogic Vasion Print
CVE-2025-27665Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.1923
printerlogic
virtual appliance
≤ 22.0.843

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly remediates the specific software flaw in Vasion Print that exposes cookies in response bodies, preventing exploitation and enabling recovery via patching to version 22.0.843 Application 20.0.1923.

prevent

Filters information output from the system to prevent the unauthorized disclosure of sensitive data like cookies in HTTP response bodies.

prevent

Protects the confidentiality and integrity of transmitted responses, mitigating remote attacker access to exposed cookies over the network even if included in the body.

References