Cyber Posture

CVE-2025-27677

Critical

Published: 05 March 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0051 (66.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27677 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 33.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the symbolic link vulnerability by identifying, reporting, and applying vendor updates to versions like Virtual Appliance Host 22.0.843.

prevent

Enforces approved authorizations to prevent unauthenticated attackers from using symbolic links to interact with unauthorized files.

prevent

Applies least privilege to restrict unprivileged processes from creating or following symbolic links that enable out-of-scope file access.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

The vulnerability is a remote unauthenticated flaw in a public-facing print application, directly matching T1190 for initial access via exploitation. It also enables unauthorized file interaction outside privileged scopes via symbolic links, directly facilitating T1005 for data collection from the local system.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.

Deeper analysis

CVE-2025-27677 is a critical vulnerability (CVSS score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Vasion Print, formerly known as PrinterLogic, in versions before Virtual Appliance Host 22.0.843 Application 20.0.1923. The issue, tracked as V-2022-002, enables symbolic links for unprivileged file interaction and is classified under CWE-276 (Incorrect Default Permissions). It was published on 2025-03-05.

The vulnerability can be exploited by unauthenticated remote attackers with low complexity and no user interaction required. Exploitation allows high-impact compromise of confidentiality, integrity, and availability, potentially enabling attackers to interact with files outside privileged scopes via symbolic links.

Mitigation details are available in vendor advisories, including PrinterLogic's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, researcher Pierre Kim's analysis of 83 related vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html, and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/18. Updating to Virtual Appliance Host 22.0.843 Application 20.0.1923 or later addresses the issue.

This vulnerability is part of a larger disclosure of 83 flaws in the Vasion Print/PrinterLogic platform documented by Pierre Kim. No real-world exploitation in the wild is noted in available details.

Details

CWE(s)

Affected Products

printerlogic / vasion print: ≤ 20.0.1923
printerlogic / virtual appliance: ≤ 22.0.843

CVEs Like This One

CVE-2025-27682 (Same product: Printerlogic Vasion Print)
CVE-2025-27659 (Same product: Printerlogic Vasion Print)
CVE-2025-27668 (Same product: Printerlogic Vasion Print)
CVE-2025-27664 (Same product: Printerlogic Vasion Print)
CVE-2025-27642 (Same product: Printerlogic Vasion Print)
CVE-2025-27651 (Same product: Printerlogic Vasion Print)
CVE-2025-27641 (Same product: Printerlogic Vasion Print)
CVE-2025-27652 (Same product: Printerlogic Vasion Print)
CVE-2025-27649 (Same product: Printerlogic Vasion Print)
CVE-2025-27657 (Same product: Printerlogic Vasion Print)
