CVE-2025-27673

CRITICAL
Published Mar 5, 2025 Modified Apr 1, 2025 CWE-539

Description

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.

CVSS v3.1 Score

9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weakness Type (CWE)

CWE-539 CWE-539

Affected Products

Vendor Product
printerlogic vasion_print
printerlogic virtual_appliance

References

Frequently Asked Questions

What is CVE-2025-27673? +
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017. It has a CVSS v3.1 base score of 9.1 (CRITICAL).
How severe is CVE-2025-27673? +
CVE-2025-27673 has a CVSS v3.1 score of 9.1 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2025-27673? +
CVE-2025-27673 affects products from printerlogic, specifically: vasion_print, virtual_appliance. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-27673? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-39275 8.0

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a …
CVE-2026-35192 6.5

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if …
CVE-2025-27638 9.8

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Hardcoded Password V-2024-013.
CVE-2025-27641 9.8

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.951 Application 20.0.2368 allows Unauthenticated APIs for Single-Sign On V-2024-009.
CVE-2025-27640 9.8

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows SQL Injection V-2024-012.
CVE-2025-27642 9.8

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Unauthenticated Driver Package Editing V-2024-008.

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-27673 — free, no signup required.

Start Free Scan