Clear-Text Credential Exposure in Vasion Print's Virtual Appliance
CVE-2025-34200

8.6HIGH

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
19 September 2025

What is CVE-2025-34200?

The Vasion Print software is affected by a significant security flaw where network account credentials are stored in clear-text format within the /etc/issue file. This file is accessible to all users on the system by default, permitting malicious actors with local shell access to retrieve sensitive usernames and passwords. Once obtained, these credentials can be exploited to modify critical network parameters through the appliance interface, potentially leading to network misconfigurations, service disruptions, or further privileges escalations. Immediate attention to this vulnerability is essential to safeguard sensitive network information.

Affected Version(s)

Print Application *

Print Virtual Appliance Host *

References

https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/saas/Print/Security/Securit...
product
https://help.printerlogic.com/va/Print/Security/Security-...
product

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
.
CVE-2025-34200 : Clear-Text Credential Exposure in Vasion Print's Virtual Appliance