CVE-2025-34204

Published: Sep 19, 2025Modified: Sep 24, 2025

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP workers, Node.js servers and custom binaries) as the root user. This increases the blast radius of a container compromise and enables lateral movement and host compromise when a container is breached.

Affected (2)

Products: Vasion: Virtual Appliance Application, Virtual Appliance Host

2 products

Virtual Appliance Application

Virtual Appliance Host

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Vasion Virtual Appliance Application	All versions
Vasion Virtual Appliance Host	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Source: disclosure@vulncheck.com

Vendor Advisory

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Source: disclosure@vulncheck.com

Vendor Advisory

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-processes-running-as-root

Source: disclosure@vulncheck.com

ExploitThird Party Advisory

https://www.vulncheck.com/advisories/vasion-print-printerlogic-processes-running-as-root-inside-docker-instances

Source: disclosure@vulncheck.com

Third Party Advisory

Timeline

No history available yet.