Home

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local logging mechanism. Authentication session tokens, including PHPSESSID, XSRF-TOKEN, and laravel_session, are stored in cleartext within world-readable log files. Any local user with access to the machine can extract these session tokens and use them to authenticate remotely to the SaaS environment, bypassing normal login credentials, potentially leading to unauthorized system access and exposure of sensitive information. This vulnerability has been identified by the vendor as: V-2022-008 — Secrets Leaked in Logs.

PUBLISHED Reserved 2025-04-15 | Published 2025-09-19 | Updated 2025-10-02 | Assigner VulnCheck




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-532 Insertion of Sensitive Information into Log File

Product status

Default status
unknown

* (semver) before 1.0.735
affected

Default status
unaffected

* (semver) before 20.0.1330
affected

Credits

Pierre Barre finder

References

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

pierrekim.github.io/...-printerlogic-83-vulnerabilities.html technical-description exploit

help.printerlogic.com/...int/Security/Security-Bulletins.htm vendor-advisory patch

www.vulncheck.com/...al-log-disclosure-of-cleartext-sessions third-party-advisory

cve.org (CVE-2025-34188)

nvd.nist.gov (CVE-2025-34188)

Download JSON