CRITICAL🇵🇱 Wersja polska

CVE-2025-27677

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002.

🤖 AI Analysis
How it works

The issue stems from improperly configured default permissions (CWE-276), which allow an unprivileged user to create or exploit symbolic links to files or resources that they normally should not have access to. An attacker can thus read, modify, or overwrite system files beyond their permission scope. The attack is possible remotely, without authentication, and without user interaction, making it particularly dangerous.

Impact

An attacker can gain unauthorized access to sensitive data, modify system files, and potentially take full control of the system (RCE or privilege escalation), threatening the confidentiality, integrity, and availability of the environment.

Mitigation & patch

Vasion Print Virtual Appliance Host must be updated to version 22.0.843 or later, and Application to version 20.0.1923 or later, in accordance with the manufacturer's recommendations published in the security bulletin at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) Virtual Appliance Host in versions prior to 22.0.843 and Application in versions prior to 20.0.1923

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1923
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 22.0.843
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)