CRITICAL🇵🇱 Wersja polska

CVE-2025-27656

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Password Stored in Process List V-2023-011.

🤖 AI Analysis
How it works

The application stores the password in a plaintext manner visible in the system process list (process list), which is classified as CWE-256 (Plaintext Storage of a Password). A person or process with access to the process list — locally or remotely — can read the password without needing elevated privileges or user interaction. The attack vector is network-based, and the attack complexity is low, making this vulnerability particularly dangerous.

Impact

An attacker can obtain credentials stored in the process list, which may result in complete system takeover, violation of data confidentiality, integrity, and availability.

Mitigation & patch

Virtual Appliance Host must be updated to version 22.0.862 or later, and Application to version 20.0.2014 or later. Detailed information is available in the vendor's security bulletin at the address indicated in the references.

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions before 22.0.862 and Application versions before 20.0.2014

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2014
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.862
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)