CVE-2025-34210

low-risk

Published 2025-10-02

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption."

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Virtual Appliance Application

Virtual Appliance Host

Affected Vendors

Vasion

References (5)

Vendor Advisory https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Vendor Advisory https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Exploit https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabiliti...

Third Party Advisory https://www.vulncheck.com/advisories/vasion-print-printerlogic-readble-cleartext...

Exploit https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabiliti...

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low