Cyber Resilience

CVE-2025-27680

Critical

Published: 05 March 2025

Published
05 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0019 40.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27680 is a critical-severity Insufficient Verification of Data Authenticity (CWE-345) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Firmware (T1542.001); ranked at the 40.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-14 (Signed Components) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

CVE-2025-27680 is a high-severity vulnerability (CVSS 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) affecting Vasion Print, formerly known as PrinterLogic, specifically versions of the Virtual Appliance Host before 1.0.750 Application 20.0.1442. The issue, tracked as V-2024-004, involves insecure firmware images due to insufficient verification of data authenticity (CWE-345), allowing flawed checks that fail to properly validate firmware integrity or origin.

Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Successful exploitation enables high-impact confidentiality and integrity violations, such as injecting or deploying malicious firmware images that bypass authenticity checks, potentially leading to unauthorized code execution or system compromise within the affected appliance.

Mitigation details are available in the vendor's security bulletins at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, along with analysis from independent researcher Pierre Kim's report on 83 vulnerabilities in Vasion/PrinterLogic at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and a Full Disclosure mailing list entry at http://seclists.org/fulldisclosure/2025/Apr/18; upgrading to Virtual Appliance Host 1.0.750 Application 20.0.1442 or later addresses the issue.

EU & UK References

Vulnerability details

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1542.001 System Firmware Stealth
Adversaries may modify system firmware to persist on systems.
Why these techniques?

The vulnerability directly enables deployment of malicious firmware by bypassing authenticity/integrity checks (CWE-345), mapping to T1542.001 System Firmware for persistence or code execution on the appliance.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27677Same product: Printerlogic Vasion Print
CVE-2025-27646Same product: Printerlogic Vasion Print
CVE-2025-27682Same product: Printerlogic Vasion Print
CVE-2025-27639Same product: Printerlogic Vasion Print
CVE-2025-27669Same product: Printerlogic Vasion Print
CVE-2025-27668Same product: Printerlogic Vasion Print
CVE-2025-27648Same product: Printerlogic Vasion Print
CVE-2025-27664Same product: Printerlogic Vasion Print
CVE-2025-27671Same product: Printerlogic Vasion Print
CVE-2025-27651Same product: Printerlogic Vasion Print

Affected Assets

printerlogic
vasion print
≤ 20.0.1442
printerlogic
virtual appliance
≤ 1.0.750

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires digital signature verification for firmware components prior to installation, directly addressing the CVE's insufficient authenticity checks for firmware images.

preventdetect

Mandates integrity verification mechanisms for firmware to prevent and detect unauthorized or malicious firmware changes exploiting flawed validation.

prevent

Ensures verification of component authenticity, including vendor-supplied firmware images, to block deployment of inauthentic or tampered firmware.

References