CVE-2025-27685
Published: 05 March 2025
Summary
CVE-2025-27685 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Printerlogic Vasion Print. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Private Keys (T1552.004); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-28 (Protection of Information at Rest).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires cryptographic mechanisms to protect confidentiality of sensitive information at rest, directly mitigating the cleartext storage of the CA certificate and private key in the configuration file.
Mandates establishment and implementation of secure configuration settings, preventing exposure of sensitive data like CA certificates and private keys in remotely accessible files.
Requires timely identification, reporting, and correction of system flaws, enabling deployment of the vendor patch that resolves the vulnerable configuration file exposure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability exposes a CA certificate and private key in cleartext within a remotely retrievable configuration file, directly enabling adversaries to obtain private keys.
NVD Description
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Configuration File Contains CA & Private Key V-2022-001.
Deeper analysisAI
CVE-2025-27685 is a vulnerability in Vasion Print, formerly known as PrinterLogic, affecting versions before Virtual Appliance Host 1.0.735 Application 20.0.1330. It involves a configuration file that exposes a Certificate Authority (CA) certificate and private key, corresponding to CWE-312 (Cleartext Storage of Sensitive Information). The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting high confidentiality impact with network-based exploitation potential.
Unauthenticated attackers with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows remote retrieval of the configuration file, yielding the CA certificate and private key, which could facilitate subsequent attacks like impersonation or interception of print-related communications.
Mitigation requires updating to Virtual Appliance Host 1.0.735 Application 20.0.1330 or later. Vendor security bulletins are available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm, alongside details in Pierre Kim's disclosure of 83 Vasion/PrinterLogic vulnerabilities at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html and the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/18.
Details
- CWE(s)