CVE-2025-34206 CRITICAL

CVE-2025-34206: Vasion Print (formerly PrinterLogic) Insecure Shared Storage Permissions

Vendor Vasion
Product Print Virtual Appliance Host
Weakness CWE-732
Published September 19, 2025
Last update November 17, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in .secrets, MySQL client keys, and application session files are accessible from multiple containers. An attacker who controls or reaches any container can read or modify these artifacts, leading to credential theft, RCE via Laravel APP_KEY, Portainer takeover, and full compromise.

Key dates

02Disclosure timeline

September 19, 2025 CVE published
November 17, 2025 Record updated