CVE-2025-34206
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | * |
| vasion | virtual_appliance_host | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Vasion Print (formerly PrinterLogic) involves insecure shared storage permissions where host configuration and secret files are mounted with overly-permissive filesystem permissions into many Docker containers. Sensitive files such as secrets.env, GPG-encrypted blobs, MySQL client keys, and application session files are accessible from multiple containers. An attacker who controls or can access any container can read or modify these sensitive artifacts, potentially leading to credential theft, remote code execution via Laravel APP_KEY, Portainer takeover, and full system compromise. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including theft of credentials, remote code execution, takeover of management interfaces like Portainer, and complete compromise of the affected system. Because sensitive secrets and configuration files are accessible from multiple containers, an attacker gaining access to any container can escalate privileges and control the entire environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for the presence of the vulnerable Vasion Print (PrinterLogic) Virtual Appliance and inspecting the filesystem permissions of the mounted directory /var/www/efs_storage inside Docker containers. You can run commands to list Docker containers and inspect their mounted volumes and permissions. For example, use 'docker ps' to list running containers, then 'docker exec <container_id> ls -l /var/www/efs_storage' to check permissions. Also, check for sensitive files such as secrets.env, .secrets directory, MySQL client keys, and application session files within these mounts. Monitoring network traffic for unusual access patterns to these containers may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting filesystem permissions on the /var/www/efs_storage directory and its contents to prevent unauthorized access from multiple containers. Limit the sharing of sensitive files such as secrets.env, GPG-encrypted blobs, MySQL client keys, and session files across containers. If possible, isolate containers to prevent cross-container access to these files. Additionally, monitor for updates or patches from the vendor and apply them once available. Until a patch is released, consider disabling or limiting the use of the affected Vasion Print Virtual Appliance or SaaS deployment to reduce exposure. [1]