CRITICAL🇵🇱 Wersja polska

CVE-2025-27662

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-04-01

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Password in URL OVE-20230524-0005.

🤖 AI Analysis
How it works

The application transmits credentials (passwords) as part of the URL instead of more secure methods such as HTTP headers or form data. Passwords placed in the URL can be logged in server logs, browser history, intermediate proxies, and network monitoring systems. An attacker with access to these sources is able to read passwords in plaintext without needing any special privileges.

Impact

An attacker can gain access to user or administrator credentials of the print system, leading to full account takeover and potentially the entire print management environment (violation of confidentiality, integrity, and availability).

Mitigation & patch

The software must be updated to Virtual Appliance Host version 22.0.843 and Application 20.0.1923 or newer. Detailed information is available in the manufacturer's security bulletin at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in versions: Virtual Appliance Host before 22.0.843 and Application before 20.0.1923

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1923
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.843
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)