Local Privilege Escalation Vulnerability in Vasion Print by PrinterLogic
CVE-2025-34197

8.6HIGH

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
19 September 2025

What is CVE-2025-34197?

Vasion Print, formerly known as PrinterLogic, features an undocumented local user account named 'ubuntu' that has a preset password, allowing users with administrative access to exploit this account for local privilege escalation. The account is configured with a passwordless sudoers entry, granting complete root access without any authentication. This flaw exists in versions of the Vasion Print Virtual Appliance Host prior to 22.0.951 and the Application prior to 20.0.2368. While a partial patch has been released to address aspects of this vulnerability, issues remain, notably with the /etc/sudoers file which continues to expose the system to potential exploitation.

Affected Version(s)

Print Application Linux * < 20.0.2368

Print Virtual Appliance Host Linux * < 22.0.951

References

https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch
https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
.
CVE-2025-34197 : Local Privilege Escalation Vulnerability in Vasion Print by PrinterLogic