CVE-2025-34210

Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) (affected versions not specified)

Description The software stores a significant number of sensitive credentials, including database passwords, MySQL root password, SaaS keys, and Portainer admin password, in cleartext files that are world-readable. Any local user or process with access to the host filesystem can retrieve these credentials in plain text, potentially leading to credential theft and full compromise of the appliance. The vendor attributes this to a shared responsibility model, expecting administrators to configure persistent storage encryption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.