CRITICAL🇵🇱 Wersja polska

CVE-2025-27643

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Hardcoded AWS API Key V-2024-006.

🤖 AI Analysis
How it works

The vulnerability consists of a static AWS API access key being embedded directly in the application code or system configuration of Vasion Print. This key is identical across all installations of the product prior to the patched version, meaning that anyone who discovers it — for example through binary analysis, code leak, or other channel — can use it immediately. The attack vector is network-based, requires no privileges or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), making this vulnerability particularly dangerous.

Impact

An attacker can gain full unauthorized access to AWS resources associated with the application, potentially leading to disclosure of sensitive data, modification of cloud infrastructure, and serious violations of system confidentiality, integrity, and availability.

Mitigation & patch

Update Vasion Print to Virtual Appliance Host 22.0.933 / Application 20.0.2368 or later. It is also recommended to immediately rotate (revoke and replace) the potentially compromised AWS API key in your own cloud environment and verify AWS logs for unauthorized key usage. Details available in the vendor's security bulletin.

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions prior to 22.0.933 and Application versions prior to 20.0.2368

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2368
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.933
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27645CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP