CRITICAL🇵🇱 Wersja polska

CVE-2025-27640

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-04-01

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-89 (SQL Injection) results from lack of proper validation or parameterization of input data passed to database queries. An attacker can send a crafted query containing a malicious SQL payload without authentication over the network. This allows manipulation of the logic of queries executed by the application against the database.

Impact

Attackers can gain unauthorized access to data stored in the database, modify or delete data, and in certain configurations lead to complete system takeover or unavailability.

Mitigation & patch

Vasion Print must be updated to Virtual Appliance Host version 22.0.1002 or later and Application version 20.0.2614 or later. Detailed information is available in the vendor's security bulletin at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host version below 22.0.1002 and Application version below 20.0.2614

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2614
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.1002
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27645CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP