CVE-2025-34223

Severity: Critical · CVSS 4.0: 10.0 · EPSS 63.0%
Published Sep 29, 2025 (9mo ago) · Modified Jun 17, 2026 (2w ago)

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can reach the installation web interface can POST arbitrary `root_user` and `root_password` values, causing the script to replace the default admin credentials with attacker‑controlled ones. The script also contains hard‑coded SHA‑512 and SHA‑1 hashes of the default password, allowing the attacker to bypass password‑policy validation. As a result, an unauthenticated remote attacker can obtain full administrative control of the system during the initial setup. This vulnerability has been identified by the vendor as: V-2024-022 — Insecure Installation Credentials.

CVSS Details

Base Score: 10.0
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability: 63.0% percentile
Exploit & Patch Status: Public Exploit Known; No Patch Available

Weaknesses 2

  • CWE-306: Missing Authentication for Critical Function [Authentication]
  • CWE-798: Use of Hard-coded Credentials [Authentication]

Affected Products 2

Vendor   Product                         Version   Range
vasion   virtual_appliance_application   *         <20.0.2786
vasion   virtual_appliance_host          *         <22.0.1049

References 4

  • help.printerlogic.com https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
    Vendor Advisory
  • help.printerlogic.com https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
    Vendor Advisory
  • pierrekim.github.io https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-credentials-installation
    Exploit, Third Party Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-installation-credentials
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.