CRITICAL🇵🇱 Wersja polska

CVE-2025-27648

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.913 Application 20.0.2253 allows Cross Tenant Password Exposure V-2024-003.

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-522 (Insufficiently Protected Credentials) and consists of improper isolation of authentication data between tenants in the multi-tenant architecture of the Vasion Print system. An attacker operating within the context of one tenant can gain access to credentials (passwords) assigned to another tenant, without the need for authentication, user interaction, or elevated privileges — which is confirmed by a network vector with no prerequisites (AV:N/AC:L/PR:N/UI:N).

Impact

An attacker can obtain passwords of other organizations using the same Vasion Print instance, which may lead to account takeover, unauthorized access to network resources, and large-scale violation of data confidentiality and integrity.

Mitigation & patch

Vasion Print should be updated to Virtual Appliance Host version 22.0.913 or later and Application version 20.0.2253 or later as soon as possible. Detailed information is available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) — Virtual Appliance Host in versions prior to 22.0.913 and Application in versions prior to 20.0.2253

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2253
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.913
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)