CVE-2025-27674
Published: 05 March 2025
Summary
CVE-2025-27674 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 33.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SA-8 (Security and Privacy Engineering Principles) and SC-12 (Cryptographic Key Establishment and Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely identification, reporting, and correction of system flaws, directly mitigating this CVE by upgrading to the patched Virtual Appliance Host 22.0.843 Application 20.0.1923 or later.
SC-12 mandates secure generation, distribution, storage, and management of cryptographic keys using FIPS-validated modules, preventing hard-coded IdP keys such as the one tracked as V-2023-006.
SA-8 applies security engineering principles, such as secure coding practices, during system design and development, precluding vulnerabilities that stem from hard-coded cryptographic keys.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The remotely exploitable, unauthenticated flaw in a network-accessible, public-facing application directly enables T1190. The hard-coded IdP key enables forging of SAML tokens for authentication bypass and full compromise (T1606.002).
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006.
Deeper analysis
CVE-2025-27674 is a critical vulnerability in Vasion Print, formerly known as PrinterLogic, affecting versions prior to Virtual Appliance Host 22.0.843 Application 20.0.1923. The issue involves a hardcoded Identity Provider (IdP) key designated V-2023-006, classified under CWE-321 (Use of Hard-coded Cryptographic Key). It received a CVSS v3.1 base score of 9.8, reflecting its severity due to network accessibility, low attack complexity, no required privileges or user interaction, and high impacts on confidentiality, integrity, and availability. The vulnerability was published on 2025-03-05.
Remote attackers require no authentication or privileges to exploit this flaw over the network with minimal complexity and no user interaction. Successful exploitation enables high-level compromise, including unauthorized access to sensitive data (C:H), modification of systems or data (I:H), and disruption of services (A:H), potentially leading to full control over affected PrinterLogic virtual appliances.
Mitigation details and security bulletins are documented in vendor advisories, with additional analysis available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and http://seclists.org/fulldisclosure/2025/Apr/18. Practitioners should upgrade to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later as indicated in these resources.