CVE-2025-34210 PUBLISHED

Vasion Print (formerly PrinterLogic) Readable Cleartext Passwords

Assigner: VulnCheck
Reserved: 15.04.2025 Published: 02.10.2025 Updated: 02.10.2025

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption."

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score: 9.4

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Local	Confidentiality	High	Confidentiality	High
Attack Complexity	Low	Integrity	High	Integrity	High
Attack Requirements	None	Availability	High	Availability	High
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Vasion
Product	Print Virtual Appliance Host
Versions	Default: unknown Version * is affected

Vendor	Vasion
Product	Print Application
Versions	Default: unknown Version * is affected

Credits

Pierre Barre finder

References

Problem Types

CWE-256: Plaintext Storage of a Password CWE

Impacts

CAPEC-555 Remote Services with Stolen Credentials