PT-2025-38591 · Vasion · Vasion Print Application+1
Pierre Barre
·
Published
2025-09-19
·
Updated
2025-10-02
·
CVE-2025-34188
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Vasion Print Virtual Appliance Host versions prior to 1.0.735
Vasion Print Application versions prior to 20.0.1330
Description
The local logging mechanism in Vasion Print contains a security issue where authentication session tokens, including
PHPSESSID, XSRF-TOKEN, and laravel session, are stored in cleartext within world-readable log files. A local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, potentially leading to unauthorized system access and exposure of sensitive information.Recommendations
Update Vasion Print Virtual Appliance Host to version 1.0.735 or later.
Update Vasion Print Application to version 20.0.1330 or later.
Exploit
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vasion Print Application
Vasion Print Virtual Appliance Host