CVE-2025-34197
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-10-02

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. This vulnerability has been identified by the vendor as: V-2024-010 β€” Hardcoded Linux Password.Β NOTE: The patch for this vulnerability is reported to be incomplete:Β /etc/shadow was remediated but /etc/sudoers remains vulnerable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-19
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-09-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34197
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vasion virtual_appliance_application to 20.0.2368 (exc)
vasion virtual_appliance_host to 22.0.951 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-34197 is a vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application versions prior to certain releases. It involves an undocumented local user account named 'ubuntu' that has a hardcoded password and passwordless sudo privileges, allowing anyone who knows the password to gain root access via local console or equivalent administrative access. This enables local privilege escalation. Although a patch was issued, it is incomplete because the /etc/sudoers file remains vulnerable. [1]

Impact Analysis

This vulnerability can allow an attacker with local access to the system to escalate their privileges to root without needing to know any other credentials. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of data, and disruption of system availability. [1]

Detection Guidance

This vulnerability can be detected by checking for the presence of the undocumented local user account named 'ubuntu' and verifying if it has passwordless sudo privileges. You can run commands such as 'grep ubuntu /etc/passwd' to see if the user exists, and 'sudo -l -U ubuntu' to check the sudo privileges for the ubuntu user. Additionally, inspecting the /etc/sudoers file or sudoers.d directory for entries granting 'ubuntu ALL=(ALL) NOPASSWD: ALL' can confirm the vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include removing or disabling the undocumented 'ubuntu' user account or changing its password to a strong, unique one. Additionally, modify the /etc/sudoers file to remove or restrict the passwordless sudo privileges granted to the 'ubuntu' user. Since the patch is incomplete and /etc/sudoers remains vulnerable, manual remediation of sudoers entries is necessary to prevent unauthorized root access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34197. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart