Insecure Password Hashing in Vasion Print Virtual Appliance by PrinterLogic
CVE-2025-34208

8.2HIGH

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
2 October 2025

What is CVE-2025-34208?

Vasion Print, a product by PrinterLogic, has a notable vulnerability due to the use of unsalted SHA-512 hashes for storing user passwords. The hashing mechanism involves a fallback to unsalted SHA-1, utilizing PHP's hash() function across various scripts. This approach lacks per-user salting, making passwords susceptible to offline attacks, including dictionary and rainbow table methods. Furthermore, the migration logic for legacy SHA-1 hashes to SHA-512 during user login hinders the security posture, potentially exposing users still relying on outdated hashing algorithms. While partial mitigations have been applied, significant vulnerabilities remain, particularly in the legacy authentication framework.

Affected Version(s)

Print Application *

Print Virtual Appliance Host *

References

https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch
https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch

CVSS V4

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
JSON
.
CVE-2025-34208 : Insecure Password Hashing in Vasion Print Virtual Appliance by PrinterLogic