CRITICAL🇵🇱 Wersja polska

CVE-2025-27681

CVSS 9.8v3.1pub. 2025-03-05upd. 2025-11-03

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.

🤖 AI Analysis
How it works

The error classified as CWE-602 (Client-Side Enforcement of Server-Side Security) indicates that security logic, which should be enforced on the server side, is improperly implemented or delegated to the client. An attacker can bypass security control mechanisms for communication between processes, enabling unauthorized interaction with the system. The vulnerability is network-accessible, requires no authentication or user interaction.

Impact

A remote and unauthenticated attacker can gain full access to the system — compromising the confidentiality, integrity, and availability of data and the print management application.

Mitigation & patch

Vasion Print must be updated to Virtual Appliance Host version 1.0.735 / Application 20.0.1330 or later. Detailed information is available in the vendor's security bulletins at: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Who is affected

Vasion Print (formerly PrinterLogic) in Virtual Appliance Host versions below 1.0.735 and Application versions below 20.0.1330.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Printerlogic Vasion Print

    APP
    Printerlogic
    < 20.0.1330
  • Printerlogic Virtual Appliance

    APP
    Printerlogic
    < 1.0.735
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27642CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — nieautoryzowana edycja pakietów sterowników

CVE-2025-27638CRITICAL9.8PL ✓ten sam produkt

Hardcoded Password w Vasion Print (PrinterLogic) — dostęp bez uwierzytelnienia

CVE-2025-27641CRITICAL9.8PL ✓ten sam produkt

Vasion Print / PrinterLogic — pominięcie uwierzytelnienia w API Single Sign-On

CVE-2025-27640CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Vasion Print (PrinterLogic) — zdalne przejęcie kontroli

CVE-2025-27643CRITICAL9.8PL ✓ten sam produkt

Zakodowany na stałe klucz AWS API w Vasion Print (PrinterLogic)