CRITICAL🇵🇱 Wersja polska

CVE-2025-27641

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.

🤖 AI Analysis
How it works

The Vasion Print application exposes certain API endpoints related to the Single Sign-On mechanism without requiring authentication (CWE-287 — improper authentication). A remote attacker, over the network, without any privileges or user interaction, can invoke these APIs and bypass access controls. The network vector (AV:N) and lack of attack complexity requirements (AC:L) make the exploit accessible to anyone with network access to the instance.

Impact

Successful exploitation of the vulnerability gives the attacker full access to sensitive data, the ability to modify print system configuration and data, and potential disruption of service availability — which corresponds to a C:H/I:H/A:H rating in the CVSS vector.

Mitigation & patch

Update Vasion Print to Virtual Appliance Host version 22.0.951 or later and Application version 20.0.2368 or later. Detailed information is available in the manufacturer's security bulletin at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions prior to 22.0.951 and Application versions prior to 20.0.2368

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2368
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.951
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27645CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP