CRITICAL🇵🇱 Wersja polska

CVE-2025-27642

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008.

🤖 AI Analysis
How it works

The application does not require authentication (CWE-306 — missing access control) for functions responsible for driver package management. An attacker can remotely modify driver packages distributed to print clients over the network without any credentials and without user interaction. The injected driver package may contain malicious code that will subsequently be installed on workstations downloading drivers from the server.

Impact

An attacker can substitute legitimate driver packages with malicious ones, leading to compromise of confidentiality, integrity, and availability of systems — including potential takeover of workstations downloading infected drivers.

Mitigation & patch

Virtual Appliance Host must be updated to version 22.0.933 or later and Application to version 20.0.2368 or later. Detailed information is available in the vendor's security bulletin at the address indicated in the references.

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 22.0.933 and Application versions below 20.0.2368

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.2368
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.933
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27645CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — niebezpieczna instalacja rozszerzeń przez HTTP