CVE-2025-34209
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 20.0.2014 (exc) |
| vasion | virtual_appliance_host | to 22.0.862 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Vasion Print (formerly PrinterLogic) involves Docker images containing a hardcoded private GPG key and passphrase stored in cleartext within the Virtual Appliance Host and Application versions prior to specified releases. An attacker with administrative access can extract this private key, import it into their own system, decrypt GPG-encrypted files, and sign arbitrary firmware updates. These maliciously signed updates can then be executed by the appliance, giving the attacker full control over the virtual appliance. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability allows an attacker with administrative access to gain full control over the virtual appliance by decrypting sensitive files and installing malicious firmware updates. This can lead to unauthorized access, data compromise, and disruption of services relying on the appliance. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking the affected Vasion Print (PrinterLogic) Virtual Appliance Host and Application versions for the presence of the hardcoded GPG private key and passphrase in Docker images or files. Since the private key and passphrase are stored in cleartext and hardcoded, you can search the appliance filesystem or Docker images for files containing the key or passphrase strings. For example, commands like 'grep -r "[email protected]" /path/to/appliance' or inspecting Docker images with 'docker image save' and then searching extracted files can help identify the presence of the private key. Additionally, verifying the version numbers to confirm if they are prior to 22.0.862 (Host) or 20.0.2014 (Application) can help determine vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Vasion Print (PrinterLogic) Virtual Appliance Host to version 22.0.862 or later and the Application to version 20.0.2014 or later, as these versions address the vulnerability by removing the hardcoded private key. Until upgrades can be applied, restrict administrative access to the appliance to trusted personnel only, monitor for suspicious activity, and avoid deploying untrusted firmware updates. Consider rotating any keys or credentials that may have been exposed due to this vulnerability. [1]