PT-2025-39897 · Vasion · Vasion Print Application+1

Pierre Barre · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-34234

CVSS v4.0: 9.2 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vasion Print versions prior to 25.1.102
Vasion Print Application versions prior to 25.1.1413

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application deployments contain hardcoded private keys stored in clear text within the application containers (printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi) under /var/www/app/config/ as keyfile.ppk.dev and keyfile.saasid.ppk.dev. These keys are used as the symmetric secret for AES-256-CBC encryption/decryption of the “SaaS Id” through the getEncryptedExternalId() and getDecryptedExternalId() methods. Access to the Docker image or filesystem allows recovery of the encryption key.

Recommendations

Update Vasion Print Virtual Appliance Host to version 25.1.102 or later.
Update Vasion Print Application to version 25.1.1413 or later.
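
A defender-side check for the condition in the description, as an added example that is not part of the advisory or the vendor's code: it scans a flat filesystem tar (such as `docker export` output) for the two key files at the path the description names. The function names, the sample archive, its placeholder contents and `app.ini` are constructed for illustration.

```python
import io
import posixpath
import tarfile

# Directory and file names are taken from the advisory description.
CONFIG_DIR = "var/www/app/config"
KEY_NAMES = {"keyfile.ppk.dev", "keyfile.saasid.ppk.dev"}


def find_embedded_keys(fs_tar):
    """Scan a flat filesystem tar for the key files named in the advisory.

    Returns a sorted list of (path, size_bytes, world_readable) tuples.
    """
    hits = []
    with tarfile.open(fileobj=fs_tar, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Normalise "./var/..." and "/var/..." to "var/...".
            path = posixpath.normpath(member.name).lstrip("/")
            directory, name = posixpath.split(path)
            if directory == CONFIG_DIR and name in KEY_NAMES:
                hits.append((path, member.size, bool(member.mode & 0o004)))
    return sorted(hits)


def build_sample_rootfs():
    """Constructed sample: a tiny filesystem tar with placeholder contents."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode in [
            ("./var/www/app/config/keyfile.ppk.dev", 0o644),
            ("./var/www/app/config/keyfile.saasid.ppk.dev", 0o600),
            ("./var/www/app/config/app.ini", 0o644),  # unrelated file
            ("./tmp/keyfile.ppk.dev", 0o644),  # same name, other directory
        ]:
            data = b"PLACEHOLDER-NOT-A-KEY\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = mode
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, size, world_readable in find_embedded_keys(build_sample_rootfs()):
        print(f"{path}  size={size}  world_readable={world_readable}")
```

An empty result on an image built from a fixed version is the expected outcome; any hit means the deployment still ships the key material and should be updated as recommended above.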

Exploit

Fix

Weakness Enumeration

Related Identifiers

CVE-2025-34234

Affected Products

Vasion Print
Vasion Print Application