Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'. Possession of the matching private key gives an attacker root access to the appliance.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vasion | Virtual Appliance Application | - |
| Vasion | Virtual Appliance Host | - |
Related Weaknesses (CWE)
References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htmVendor Advisory
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htmVendor Advisory
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilitiExploitThird Party Advisory
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-incorrect-encryptBroken Link
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilitiExploitThird Party Advisory
FAQ
What is CVE-2025-34217?
CVE-2025-34217 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys...
How severe is CVE-2025-34217?
CVE-2025-34217 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-34217?
Check the references section above for vendor advisories and patch information. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host.