CVE-2025-34200

HIGH

Vasion Virtual Appliance Application - Cleartext Storage

Title source: rule

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment.

References (4)

[Exploit, Third Party Advisory] https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-clear-text-password

[Vendor Advisory] https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

[Vendor Advisory] https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

[Third Party Advisory] https://www.vulncheck.com/advisories/vasion-print-printerlogic-network-account-password-stored-in-cleartext

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (2)

vasion/virtual_appliance_application

vasion/virtual_appliance_host

Published Sep 19, 2025

Tracked Since Feb 18, 2026