CVE-2025-34188
HIGH
Vasion Print Virtual Appliance Host <1.0.735 & Application <20.0.1330 - Cleartext Session Token Exposure
Title source: llm
Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information. This vulnerability has been identified by the vendor as: V-2022-008 — Secrets Leaked in Logs.
References (4)
Core References
Vendor Advisory vendor-advisory
patch
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Exploit, Third Party Advisory technical-description
exploit
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-leak-secrets
Vendor Advisory vendor-advisory
patch
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-local-log-disclosure-of-cleartext-sessions
Scores
CVSS v3: 7.8
EPSS: 0.0029
EPSS Percentile: 20.2%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-532
Status: published
Products (4)
Vasion/Print Application: < 20.0.1330
Vasion/Print Virtual Appliance Host: < 1.0.735
vasion/virtual_appliance_application: < 20.0.1330
vasion/virtual_appliance_host: < 1.0.735
Published: Sep 19, 2025
Tracked Since: Feb 18, 2026