CVE-2025-34210
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-02

Last updated on: 2025-10-09

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption."
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-02
Last Modified
2025-10-09
Generated
2026-06-19
AI Q&A
2025-10-02
EPSS Evaluated
2026-06-18
NVD
CVE-2025-34210
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vasion virtual_appliance_application *
vasion virtual_appliance_host *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-256 The product stores a password in plaintext within resources such as memory or files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves Vasion Print Virtual Appliance Host and Application storing many sensitive credentials such as database passwords, MySQL root password, SaaS keys, and admin passwords in cleartext files that are world-readable. This means any local user or any process that can read the host filesystem can access these secrets in plain text, leading to credential theft and potentially full compromise of the appliance.

Impact Analysis

The vulnerability can lead to credential theft by unauthorized users or processes, which can result in full compromise of the appliance. This could allow attackers to gain unauthorized access to sensitive systems and data, potentially causing data breaches, service disruptions, or further exploitation within the environment.

Mitigation Strategies

To mitigate this vulnerability, administrators should configure persistent storage encryption as recommended by the vendor to protect sensitive credentials stored in cleartext files on the appliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart