What is the CVSS score of CVE-2025-61546?

CVE-2025-61546 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Print Shop Pro Webdesk are affected by CVE-2025-61546?

Organizations using edu Business Solutions Print Shop Pro WebDesk face critical risk from CVE-2025-61546, a input validation vulnerability rated CVSS 9.1.

Is there a public PoC exploit available for CVE-2025-61546?

Yes, a public proof-of-concept exploit is available for CVE-2025-61546. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-61546?

Within 24 hours: Identify all affected systems running edu Business Solutions Print Shop Pro WebDesk and apply vendor patches immediately. Monitor vendor channels for patch availability.

Print Shop Pro Webdesk CVE-2025-61546

CRITICAL

Improper Input Validation (CWE-20)

2026-01-08 cve@mitre.org

Code Injection Print Shop Pro Webdesk

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 10, 2026 - 18:16 vuln.today

Public exploit code

CVE Published

Jan 08, 2026 - 17:15 nvd

CRITICAL 9.1

DescriptionCVE.org

There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69) that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls.

AnalysisAI

Print Shop Pro WebDesk 18.34 allows purchasing items with negative quantities, creating financial discrepancies. Attackers can generate credits or manipulate pricing through the GetUnitPrice endpoint. PoC available, fixed in 19.69.

Technical ContextAI

The /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint relies on client-side validation for quantity values (CWE-20). Negative quantities bypass the UI validation, causing the system to calculate negative prices (credits) or manipulate order totals.

RemediationAI

Update to version 19.69. Implement server-side validation for all numeric inputs.

CVE-2025-61546 vulnerability details – vuln.today

Back

Print Shop Pro Webdesk CVE-2025-61546

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code