CRITICAL🇵🇱 Wersja polska

CVE-2025-27650

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013.

🤖 AI Analysis
How it works

The application improperly secures private cryptographic keys (CWE-522 – Insufficiently Protected Credentials), storing them in the Docker Overlay layer in a manner accessible to unauthenticated attackers. The attack vector is network-based, requiring no privileges or user interaction. Obtaining these keys allows attackers to decrypt protected data or impersonate trusted system components.

Impact

An attacker can gain access to private cryptographic keys, which potentially enables complete compromise of confidentiality, integrity, and availability of the system (CVSS vector rating C:H/I:H/A:H). Keys can be exploited for further attacks, including communication decryption or lateral movement within the infrastructure.

Mitigation & patch

Vasion Print must be updated to Virtual Appliance Host version 22.0.862 or later and Application version 20.0.2014 or later. Detailed information is available in vendor security bulletins at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 22.0.862 and Application versions below 20.0.2014.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2014
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.862
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)