cvedb.io
CVE-2025-34210
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2025-10-02T17:16:05.310 · Last modified 2026-06-17T09:13:39.917

Summary

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) in cleartext files that are world-readable. Any local user - or any process that can read the host filesystem - can retrieve all of these secrets in plain text, leading to credential theft and full compromise of the appliance. The vendor does not consider this to be a security vulnerability as this product "follows a shared responsibility model, where administrators are expected to configure persistent storage encryption."

Affected products

vasion — virtual_appliance_application

Does this affect you?

Add your gear to cvedb and we'll alert you only when vasion ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.