Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vasion | Virtual Appliance Application | - |
| Vasion | Virtual Appliance Host | - |
Related Weaknesses (CWE)
References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htmVendor Advisory
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htmVendor Advisory
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilitiExploitThird Party Advisory
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-network-account-pThird Party Advisory
FAQ
What is CVE-2025-34200?
CVE-2025-34200 is a vulnerability with a CVSS score of 7.8 (HIGH). Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and...
How severe is CVE-2025-34200?
CVE-2025-34200 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-34200?
Check the references section above for vendor advisories and patch information. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host.