CVE-2025-27678
Published: 05 March 2025
Summary
CVE-2025-27678 is a critical-severity Code Injection (CWE-94) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 11.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
Vasion Print, formerly known as PrinterLogic, is affected by CVE-2025-27678, a client-side remote code execution flaw present in versions prior to Virtual Appliance Host 22.0.843 and Application 20.0.1923. The vulnerability is tracked under CWE-94 and carries a CVSS 3.1 score of 9.8, reflecting a network-accessible issue with no required authentication or user interaction that can fully compromise confidentiality, integrity, and availability.
An unauthenticated attacker can exploit the flaw over the network to achieve arbitrary code execution on the client, enabling full control of the affected system without any prior credentials or user assistance.
Vendor guidance published at the PrinterLogic security bulletins page directs customers to upgrade to the fixed releases; independent analyses and disclosure lists corroborate the same version thresholds as the remediation path.
EPSS for the CVE rose from lower values to a peak of 0.0708 on 2026-05-20 before receding to the current 0.0379, indicating a measurable increase in exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6040
Vulnerability details
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes an unauthenticated client-side remote code execution vulnerability (CWE-94) in Vasion Print that allows remote attackers to execute arbitrary code on affected clients with no user interaction, directly mapping to Exploitation for Client Execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely remediation of known flaws like CVE-2025-27678 through vendor patches to Virtual Appliance Host 22.0.843 and Application 20.0.1923.
Mandates vulnerability scanning and monitoring to identify systems running vulnerable versions of Vasion Print affected by this unauthenticated RCE.
Enforces input validation to block code injection (CWE-94) exploits enabling remote code execution on Vasion Print clients.