CVE-2025-34200

Vasion Print (formerly PrinterLogic) Network Account Password Stored in Cleartext

CVSS 8.6 HIGHEPSS 0.3%CWE-312

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.6EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 set 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Produtos afetados

Vasion · Print Application Vasion · Print Virtual Appliance Host

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-clear-text-password https://www.vulncheck.com/advisories/vasion-print-printerlogic-network-account-password-stored-in-cleartext