CVE-2025-34200 HIGH

CVE-2025-34200: Vasion Print (formerly PrinterLogic) Network Account Password Stored in Cleartext

Vendor Vasion
Product Print Virtual Appliance Host
Weakness CWE-312 · Cleartext storage
Published September 19, 2025
Last update November 17, 2025

CVSS base score

8.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment.

Key dates

02Disclosure timeline

September 19, 2025 CVE published
November 17, 2025 Record updated