Cyber Resilience

CVE-2025-27674

Severity: Critical
Published: 05 March 2025
Modified: 03 November 2025
KEV Added: not listed
Patch: available (see mitigation details below)
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (62.9th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27674 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it in the top 37.1% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SA-8 (Security and Privacy Engineering Principles) and SC-12 (Cryptographic Key Establishment and Management).

Deeper analysis

CVE-2025-27674 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, affecting versions prior to Virtual Appliance Host 22.0.843 Application 20.0.1923. The issue involves a hardcoded Identity Provider (IdP) key designated V-2023-006, classified under CWE-321 (Use of Hard-coded Cryptographic Key). It received a CVSS v3.1 base score of 9.8, reflecting its severity due to network accessibility, low attack complexity, no required privileges or user interaction, and high impacts on confidentiality, integrity, and availability. The vulnerability was published on 2025-03-05.

Remote attackers require no authentication or privileges to exploit this flaw over the network; attack complexity is low and no user interaction is needed. Successful exploitation enables high-level compromise, including unauthorized access to sensitive data (C:H), modification of systems or data (I:H), and disruption of services (A:H), potentially leading to full control over affected PrinterLogic virtual appliances.

Mitigation details and security bulletins are documented in vendor advisories, with additional analysis available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and http://seclists.org/fulldisclosure/2025/Apr/18. Practitioners should upgrade to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later as indicated in these resources.

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.

CWE(s)

CWE-321 (Use of Hard-coded Cryptographic Key)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1606.002 SAML Tokens (Credential Access): An adversary may forge SAML tokens with any permissions claims and lifetimes if they possess a valid SAML token-signing certificate.

Why these techniques?

This remotely exploitable, unauthenticated flaw in a public-facing application maps directly to T1190. The hardcoded IdP key allows SAML tokens to be forged, enabling authentication bypass and full compromise (T1606.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27668 (same product: Printerlogic Vasion Print)
CVE-2025-27664 (same product: Printerlogic Vasion Print)
CVE-2025-27671 (same product: Printerlogic Vasion Print)
CVE-2025-27651 (same product: Printerlogic Vasion Print)
CVE-2025-27670 (same product: Printerlogic Vasion Print)
CVE-2025-27641 (same product: Printerlogic Vasion Print)
CVE-2025-27681 (same product: Printerlogic Vasion Print)
CVE-2025-27658 (same product: Printerlogic Vasion Print)
CVE-2025-27652 (same product: Printerlogic Vasion Print)
CVE-2025-27672 (same product: Printerlogic Vasion Print)

Affected Assets

printerlogic vasion print: ≤ 20.0.1923
printerlogic virtual appliance: ≤ 22.0.843

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): SI-2 requires timely identification, reporting, and correction of system flaws, directly mitigating this CVE by upgrading to the patched Virtual Appliance Host 22.0.843 Application 20.0.1923 or later.

SC-12 Cryptographic Key Establishment and Management (prevent): SC-12 mandates secure generation, distribution, storage, and management of cryptographic keys using FIPS-validated modules, preventing hardcoded IdP keys like V-2023-006.

SA-8 Security and Privacy Engineering Principles (prevent): SA-8 applies security engineering principles such as secure coding practices during system design and development, precluding vulnerabilities from hardcoded cryptographic keys.