CVE-2025-27680
Published: 05 March 2025
Summary
CVE-2025-27680 is a critical-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 45.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires digital signature verification for firmware components prior to installation, directly addressing the CVE's insufficient authenticity checks for firmware images.
Mandates integrity verification mechanisms for firmware to prevent and detect unauthorized or malicious firmware changes exploiting flawed validation.
Ensures verification of component authenticity, including vendor-supplied firmware images, to block deployment of inauthentic or tampered firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables deployment of malicious firmware by bypassing authenticity/integrity checks (CWE-345), mapping to T1542.001 System Firmware for persistence or code execution on the appliance.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004.
Deeper analysisAI
CVE-2025-27680 is a high-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) affecting Vasion Print, formerly known as PrinterLogic, specifically versions of the Virtual Appliance Host before 1.0.750 Application 20.0.1442. The issue, tracked as V-2024-004, involves insecure firmware images due to insufficient verification of data authenticity (CWE-345), allowing flawed checks that fail to properly validate firmware integrity or origin.
Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Successful exploitation enables high-impact confidentiality and integrity violations, such as injecting or deploying malicious firmware images that bypass authenticity checks, potentially leading to unauthorized code execution or system compromise within the affected appliance.
Mitigation details are available in the vendor's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with analysis from independent researcher Pierre Kim's report on 83 vulnerabilities in Vasion/PrinterLogic at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18; upgrading to Virtual Appliance Host 1.0.750 Application 20.0.1442 or later addresses the issue.
Details
- CWE(s)