CVE-2025-34200
HIGHVasion Print Virtual Appliance Host and Application - Cleartext Storage of Sensitive Information in /etc/issue
Title source: llmDescription
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment.
References (4)
Core 4
Core References
Exploit, Third Party Advisory technical-description
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-clear-text-password
Vendor Advisory product
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Vendor Advisory product
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-network-account-password-stored-in-cleartext
Scores
CVSS v3
7.8
EPSS
0.0032
EPSS Percentile
23.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-312
Status
published
Products (2)
vasion/virtual_appliance_application
vasion/virtual_appliance_host
Published
Sep 19, 2025
Tracked Since
Feb 18, 2026