CRITICAL🇵🇱 Wersja polska

CVE-2025-27663

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-04-01

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Weak Password Encryption / Encoding OVE-20230524-0007.

🤖 AI Analysis
How it works

The Vasion Print application stores or processes passwords using a weak encryption or encoding algorithm (CWE-521), which does not provide adequate cryptographic protection. An attacker who gains access to stored data (e.g., through another vulnerability or access to the file system/database) can relatively easily reverse the process and recover passwords in plaintext. The lack of requirements for strong password protection mechanisms means that authentication credentials are exposed to compromise.

Impact

An attacker can recover user or system administrator passwords, leading to unauthorized access to resources, account takeover, and potential lateral movement within the organization's network.

Mitigation & patch

Vasion Print should be updated to Virtual Appliance Host version 22.0.843 or newer and Application 20.0.1923 or newer. Detailed information is available in the vendor's security bulletins at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 22.0.843 and Application versions below 20.0.1923

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1923
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.843
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)