PT-2025-38602 · Vasion+1 · Vasion Print Application+2
Pierre Barre
·
Published
2025-09-19
·
Updated
2025-09-20
·
CVE-2025-34204
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (affected versions not specified)
Description
The Vasion Print Virtual Appliance Host and Application (VA and SaaS deployments) utilizes Docker containers that execute primary application processes, such as PHP workers, Node.js servers, and custom binaries, with root privileges. This configuration expands the potential impact of a container breach, enabling lateral movement and potential host compromise.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Docker
Vasion Print Application
Vasion Print Virtual Appliance Host