CRITICAL🇵🇱 Wersja polska

CVE-2025-27682

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005.

🤖 AI Analysis
How it works

The error results from incorrect default permissions (CWE-276) assigned to application log files or directories. Overly permissive permissions allow an unauthenticated network attacker to read or write log files without needing any privileges or user interaction. The attack vector is network-based, with no required authentication and no user interaction, making this vulnerability particularly dangerous in network-exposed environments.

Impact

An attacker can gain access to sensitive information contained in application logs (e.g., credentials, user data) and potentially modify or delete logs, which threatens the integrity and availability of the system.

Mitigation & patch

Vasion Print should be updated to Virtual Appliance Host version 1.0.735 / Application 20.0.1330 or later. Detailed information is available in the vendor's security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) Virtual Appliance Host in versions before 1.0.735 and Application in versions before 20.0.1330

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1330
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 1.0.735
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)