Vulnerability Details CVE-2025-34210
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.9%
CVSS Severity
CVSS v3 Score 5.5
References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-readable-passwords
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-readble-cleartext-passwords
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-readable-passwords
Products affected by CVE-2025-34210
-
cpe:2.3:a:vasion:virtual_appliance_application:-
-
cpe:2.3:a:vasion:virtual_appliance_host:-