CRITICAL🇵🇱 Wersja polska

CVE-2025-27638

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.

🤖 AI Analysis
How it works

The Vasion Print application contains a statically hardcoded password in its source code or configuration (CWE-259 — Use of Hard-coded Password). An attacker knowing this password can authenticate to the system without needing to possess legitimate credentials. The vulnerability is remotely accessible over the network without any prerequisites, making it particularly dangerous in Internet-exposed environments.

Impact

An attacker can gain full, unauthorized access to the print management system, which may lead to data confidentiality breach, configuration modification, or disruption of printing services availability in the organization.

Mitigation & patch

Vasion Print should be updated as soon as possible to Virtual Appliance Host version 22.0.1002 or later and Application version 20.0.2614 or later. Details are available in the vendor's security bulletins at help.printerlogic.com.

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions before 22.0.1002 and Application versions before 20.0.2614

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2614
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.1002
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27645CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP