Vulnerability Details CVE-2025-34197
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. NOTE: The patch for this vulnerability is reported to be incomplete: /etc/shadow was remediated but /etc/sudoers remains vulnerable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.5%
CVSS Severity
CVSS v3 Score 7.8
References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-hardcoded-password-ubuntu
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-undocumented-local-account-with-hardcoded-password-and-passwordless-sudo
Products affected by CVE-2025-34197
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1099
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1181
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1285
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1305
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1330
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1380
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1442
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1480
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1510
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1533
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1582
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1682
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1708
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1766
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.1923
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.2014
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.2140
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.2253
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.671
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.674
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.693
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.756
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.795
-
cpe:2.3:a:vasion:virtual_appliance_application:20.0.846
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.541
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.543
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.581
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.584
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.593
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.674
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.711
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.730
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.735
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.742
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.750
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.756
-
cpe:2.3:a:vasion:virtual_appliance_host:1.0.757
-
cpe:2.3:a:vasion:virtual_appliance_host:22.0.818
-
cpe:2.3:a:vasion:virtual_appliance_host:22.0.843
-
cpe:2.3:a:vasion:virtual_appliance_host:22.0.862
-
cpe:2.3:a:vasion:virtual_appliance_host:22.0.893
-
cpe:2.3:a:vasion:virtual_appliance_host:22.0.913
-
cpe:2.3:a:vasion:virtual_appliance_host:22.0.933