CVE-2025-34188
HIGHVasion Virtual Appliance Application - Log Information Exposure
Title source: ruleDescription
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information. This vulnerability has been identified by the vendor as: V-2022-008 — Secrets Leaked in Logs.
References (4)
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
22.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (2)
vasion/virtual_appliance_application
< 20.0.1330
vasion/virtual_appliance_host
< 1.0.735
Published
Sep 19, 2025
Tracked Since
Feb 18, 2026