CVE-2025-34188

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34188
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-leak-secrets Exploit Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-local-log-disclosure-of-cleartext-sessions Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

24 Sep 2025, 19:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
First Time Vasion virtual Appliance Host
Apple macos
Linux
Linux linux Kernel
Apple
Vasion virtual Appliance Application
Vasion
References () https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - () https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - Vendor Advisory
References () https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - () https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - Vendor Advisory
References () https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-leak-secrets - () https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-leak-secrets - Exploit, Third Party Advisory
References () https://www.vulncheck.com/advisories/vasion-print-printerlogic-local-log-disclosure-of-cleartext-sessions - () https://www.vulncheck.com/advisories/vasion-print-printerlogic-local-log-disclosure-of-cleartext-sessions - Third Party Advisory

19 Sep 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-19 19:15

Updated : 2025-09-24 19:48

NVD link : CVE-2025-34188

Mitre link : CVE-2025-34188

CVE.ORG link : CVE-2025-34188

JSON object : View

Products Affected

apple

  • macos

vasion

  • virtual_appliance_application
  • virtual_appliance_host

linux

  • linux_kernel
CWE
CWE-532

Insertion of Sensitive Information into Log File