CVE-2025-34188
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-10-02

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information. This vulnerability has been identified by the vendor as: V-2022-008 — Secrets Leaked in Logs.
Meta Information
Published: 2025-09-19
Last Modified: 2025-10-02
Generated: 2026-05-07
AI Q&A: 2025-09-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| vasion | virtual_appliance_application | to 20.0.1330 (exc) |
| vasion | virtual_appliance_host | to 1.0.735 (exc) |
| apple | macos | * |
CWE
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Vasion Print (formerly PrinterLogic) affects certain versions of its Virtual Appliance Host and Application for macOS/Linux clients. It involves the local logging mechanism storing authentication session tokens such as PHPSESSID, XSRF-TOKEN, and laravel_session in cleartext within log files that are world-readable. This means any local user with access to the machine can read these logs, extract the session tokens, and use them to authenticate remotely to the SaaS environment without needing normal login credentials, potentially leading to unauthorized access. [1]


How can this vulnerability impact me?

The vulnerability can lead to unauthorized system access because attackers or local users can obtain session tokens from readable log files and use them to bypass normal authentication. This can result in exposure of sensitive information and compromise of the SaaS environment associated with Vasion Print. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of world-readable log files on the affected Vasion Print Virtual Appliance Host or Application systems that contain authentication session tokens such as PHPSESSID, XSRF-TOKEN, and laravel_session in cleartext. On a Linux or macOS system, you can use commands like `ls -l` to identify log files with world-readable permissions and `grep` to search for session token strings within those logs. For example, run `ls -l /path/to/logs` to find log files with permissions like '-rw-r--r--' and then `grep -E 'PHPSESSID|XSRF-TOKEN|laravel_session' /path/to/logs/*` to detect exposed tokens. [1]
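
The check described above as a script, added here as an example (not code from the vendor or from this page): it lists world-readable files under a log directory that contain any of the three token names, printing only a match count and path so that token values are not copied into terminal output or scrollback. The directory argument is a placeholder; the page does not give the product's actual log location.

```shell
#!/bin/sh
# Added example. Usage: find_exposed_logs /path/to/logs
# /path/to/logs is the page's placeholder, not a real product path.

# Token names taken from the advisory text.
TOKEN_PATTERN='PHPSESSID|XSRF-TOKEN|laravel_session'

# find_exposed_logs DIR
# Prints "<matching-line-count> <path>" for every regular file under DIR that
# is readable by "other" (mode bit 004) and has at least one line matching
# TOKEN_PATTERN. Returns 2 if DIR is not a directory, 0 otherwise.
# Assumes file names do not contain newlines.
find_exposed_logs() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    find "$dir" -type f -perm -004 -print | while IFS= read -r f; do
        # grep -c exits 1 on zero matches; "|| true" keeps this safe under set -e.
        n=$(grep -E -c -- "$TOKEN_PATTERN" "$f" 2>/dev/null || true)
        if [ "${n:-0}" -gt 0 ]; then
            printf '%s %s\n' "$n" "$f"
        fi
    done
    return 0
}
```

Files that contain the token names but are not world-readable are not listed; they still hold live session tokens and should be reviewed by whoever owns the log directory.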


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access permissions on the log files to prevent world-readable access, ensuring that only authorized users can read these logs. Additionally, upgrade the Vasion Print Virtual Appliance Host to version 1.0.735 or later and the Print Application to version 20.0.1330 or later, as these versions address the vulnerability. Monitoring and rotating session tokens regularly can also reduce risk until patches are applied. [1]

