PT-2025-38596 · Vasion · Vasion Print Application+1
Pierre Barre · Published 2025-09-19 · Updated 2025-10-02 · CVE-2025-34197
CVSS v4.0: 8.6 High
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951
Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2368
Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application contain an undocumented local user account named ubuntu with a preset password. This account has a sudoers entry granting it passwordless root privileges. An attacker who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, leading to local privilege escalation. The vendor has identified this issue as V-2024-010 — Hardcoded Linux Password. It is reported that the patch for this issue is incomplete, specifically that /etc/shadow was remediated, but /etc/sudoers remains vulnerable.
Recommendations
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951: Update to version 22.0.951 or later.
Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2368 (VA and SaaS deployments): Update to version 20.0.2368 or later.
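To verify both halves of the fix after updating, the check below (an added example, not code from this advisory or from the vendor) reports whether the ubuntu account still has a usable password and whether it still holds a NOPASSWD sudoers rule. The sample file contents and the function names are constructed for illustration; on a real host, pass in the text of /etc/shadow and of /etc/sudoers together with any files under /etc/sudoers.d.

```python
import re

# Constructed sample contents, not taken from a real appliance.
SHADOW_UNPATCHED = "ubuntu:$6$constructedsalt$constructedhash:19800:0:99999:7:::\n"
SHADOW_PATCHED = "root:!:19800:0:99999:7:::\nubuntu:!:19800:0:99999:7:::\n"
SUDOERS = """\
# constructed example
Defaults env_reset
root ALL=(ALL:ALL) ALL
ubuntu ALL=(ALL) NOPASSWD:ALL
"""

def password_usable(shadow_text, user):
    """True if the user's shadow entry still permits password login."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            # A leading '!' or '*' in the hash field marks a locked password.
            return not fields[1].startswith(("!", "*"))
    return False  # account has no shadow entry

def nopasswd_rules(sudoers_text, user):
    """Return sudoers lines that grant `user` a NOPASSWD rule.

    Matches rules written against the user name only; rules reached
    through groups, aliases or numeric uids are out of scope here.
    """
    rules = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split(None, 1)
        if len(tokens) == 2 and tokens[0] == user and re.search(r"\bNOPASSWD\s*:", tokens[1]):
            rules.append(line)
    return rules

def audit(shadow_text, sudoers_text, user="ubuntu"):
    usable = password_usable(shadow_text, user)
    rules = nopasswd_rules(sudoers_text, user)
    if usable and rules:
        status = "vulnerable"        # password login plus passwordless root
    elif rules:
        status = "incomplete-fix"    # shadow remediated, sudoers rule remains
    elif usable:
        status = "password-set"      # account can log in but has no NOPASSWD rule
    else:
        status = "clean"
    return {"status": status, "password_usable": usable, "nopasswd_rules": rules}
```

A result of "incomplete-fix" corresponds to the state the description reports: the password entry is locked but the passwordless sudoers rule is still in place.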
Exploit
Fix
LPE
Using Hardcoded Credentials
Affected Products
Vasion Print Application
Vasion Print Virtual Appliance Host