CVE-2025-34210
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | * |
| vasion | virtual_appliance_host | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Vasion Print Virtual Appliance Host and Application storing many sensitive credentials such as database passwords, MySQL root password, SaaS keys, and admin passwords in cleartext files that are world-readable. This means any local user or any process that can read the host filesystem can access these secrets in plain text, leading to credential theft and potentially full compromise of the appliance.
How can this vulnerability impact me? :
The vulnerability can lead to credential theft by unauthorized users or processes, which can result in full compromise of the appliance. This could allow attackers to gain unauthorized access to sensitive systems and data, potentially causing data breaches, service disruptions, or further exploitation within the environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, administrators should configure persistent storage encryption as recommended by the vendor to protect sensitive credentials stored in cleartext files on the appliance.