CRITICAL🇵🇱 Wersja polska

CVE-2025-27668

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-04-01

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-829 (Inclusion of Functionality from Untrusted Control Sphere) allows an attacker to embed arbitrary external resources in the application interface through an uncontrolled Iframe element. The mechanism does not require an account or any form of authorization, and network connectivity to the vulnerable instance is sufficient to conduct the attack. By injecting malicious content, the attacker can manipulate what the user sees and interacts with in the context of the printer management application.

Impact

An attacker can achieve complete compromise of system confidentiality, integrity, and availability — particularly theft of authentication credentials, execution of malicious code in the victim's browser, or manipulation of the application interface to further escalate the attack.

Mitigation & patch

Vasion Print should be updated to Virtual Appliance Host version 22.0.843 or later and Application version 20.0.1923 or later. Detailed information is available in the vendor's security bulletin at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 22.0.843 and Application versions below 20.0.1923

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1923
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.843
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)