CVE-2025-34196
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 25.1.1413 (exc) |
| vasion | virtual_appliance_host | to 25.1.102 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Windows client versions that contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. These sensitive files, such as clientsettings.dat and defaults.ini, are shipped with the product. An attacker who obtains these files can impersonate the CA, sign arbitrary certificates trusted by the Windows client, and perform man-in-the-middle or impersonation attacks on the product's network communications.
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker to impersonate the trusted Certificate Authority, intercept or decrypt TLS-protected communications, and perform man-in-the-middle or impersonation attacks. This can lead to unauthorized access to sensitive data, compromise of secure communications, and potential further exploitation of the affected network environment.