Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. This vulnerability has been identified by the vendor as: V-2024-010 — Hardcoded Linux Password. NOTE: The patch for this vulnerability is reported to be incomplete: /etc/shadow was remediated but /etc/sudoers remains vulnerable.
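An added audit sketch (not code from the vendor or the referenced advisories) that checks both halves of the issue described above: whether the `ubuntu` account still has a usable password in `/etc/shadow`, and whether a sudoers rule still grants it `NOPASSWD: ALL`. The sample file contents, function names and state labels are constructed assumptions; only the account name and the sudoers rule come from the description.

```python
import re

ACCOUNT = "ubuntu"  # account name from the advisory text

# Constructed sample inputs (placeholder hash, not a real credential).
SHADOW_UNPATCHED = ("root:*:19000:0:99999:7:::\n"
                    "ubuntu:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::\n")
SHADOW_PATCHED = "root:*:19000:0:99999:7:::\nubuntu:!:19000:0:99999:7:::\n"
SUDOERS = "root ALL=(ALL:ALL) ALL\nubuntu ALL=(ALL) NOPASSWD: ALL\n"

def password_login_enabled(shadow_text, user=ACCOUNT):
    """True if the user's shadow entry allows password authentication."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            pw = fields[1]
            # Empty field means no password required; "!" or "*" prefix means locked.
            return pw == "" or not pw.startswith(("!", "*"))
    return False  # account not present

def nopasswd_root(sudoers_text, user=ACCOUNT):
    """True if a rule grants the user NOPASSWD: ALL (name-based rules only)."""
    rule = re.compile(
        rf"^{re.escape(user)}\s+[^\s=]+\s*=\s*(\([^)]*\)\s*)?NOPASSWD:\s*ALL\s*$")
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # ignore comments
        if rule.match(line):
            return True
    return False

def audit(shadow_text, sudoers_text, user=ACCOUNT):
    """Classify the host: both files must be fixed for the issue to be closed."""
    pw = password_login_enabled(shadow_text, user)
    sudo = nopasswd_root(sudoers_text, user)
    if pw and sudo:
        state = "vulnerable"
    elif sudo:
        state = "sudoers-still-open"  # the incomplete-patch state the NOTE describes
    elif pw:
        state = "password-only"
    else:
        state = "clean"
    return {"password_login": pw, "nopasswd_sudo": sudo, "state": state}

if __name__ == "__main__":
    print(audit(SHADOW_UNPATCHED, SUDOERS))
    print(audit(SHADOW_PATCHED, SUDOERS))
```

On a real appliance, pass the contents of `/etc/shadow` and the concatenation of `/etc/sudoers` with any files under `/etc/sudoers.d/`; rules that name the account through a group or alias are outside what this check parses.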
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vasion | Virtual Appliance Application | < 20.0.2368 |
| Vasion | Virtual Appliance Host | < 22.0.951 |
References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm (Vendor Advisory)
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm (Vendor Advisory)
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabiliti (Exploit, Third Party Advisory)
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-undocumented-loca (Third Party Advisory)
FAQ
What is CVE-2025-34197?
CVE-2025-34197 is a vulnerability with a CVSS score of 7.8 (HIGH). Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu...
How severe is CVE-2025-34197?
CVE-2025-34197 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-34197?
Check the references section above for vendor advisories and patch information. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host.