CVE-2025-34200
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-19

Last updated on: 2025-09-24

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and the file is world-readable by default. An attacker with local shell access can read /etc/issue to obtain the network account username and password. Using the network account an attacker can change network parameters via the appliance interface, enabling local misconfiguration, network disruption or further escalation depending on deployment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-19
Last Modified
2025-09-24
Generated
2026-06-16
AI Q&A
2025-09-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34200
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vasion virtual_appliance_application *
vasion virtual_appliance_host *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-34200 is a vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application where network account credentials are stored in clear-text inside the /etc/issue file, which is world-readable by default. An attacker with local shell access can read this file to obtain the network account username and password. With these credentials, the attacker can change network parameters via the appliance interface, potentially causing local misconfiguration, network disruption, or further escalation depending on the deployment. [1]

Impact Analysis

This vulnerability can allow an attacker with local access to obtain network account credentials in clear-text, enabling them to modify network parameters through the appliance interface. This can lead to local misconfiguration, network disruption, or further escalation of privileges depending on the deployment. The impact includes high confidentiality and integrity risks, potentially allowing attackers to disrupt network operations or gain further control over the system. [1]

Detection Guidance

This vulnerability can be detected by checking if the file /etc/issue on the Vasion Print Virtual Appliance Host contains network account credentials in cleartext and if the file permissions allow world-readable access. You can use commands such as `cat /etc/issue` to view the contents and `ls -l /etc/issue` to check the file permissions. If the file contains sensitive credentials and is world-readable, the system is vulnerable. [1, 2]

Mitigation Strategies

Immediate mitigation steps include applying all available security patches from the vendor, restricting access to the /etc/issue file to prevent unauthorized reading (e.g., changing file permissions), implementing network segmentation to limit exposure of Vasion Print components, reviewing and remediating insecure configurations especially related to Docker and cryptographic key management, and enhancing authentication and access control mechanisms to prevent unauthorized access to the appliance interface. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34200. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart