CVE-2025-34197

UNKNOWN 0.0

Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password and Passwordless sudo

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges (ubuntu ALL=(ALL) NOPASSWD: ALL). Anyone who knows the hardcoded password can obtain root privileges via local console or equivalent administrative access, enabling local privilege escalation. This vulnerability has been identified by the vendor as: V-2024-010 — Hardcoded Linux Password. NOTE: The patch for this vulnerability is reported to be incomplete: /etc/shadow was remediated but /etc/sudoers remains vulnerable.

CWE	CWE-798
Vendor	vasion
Product	print virtual appliance host
Published	Sep 19, 2025
Last Updated	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for vasion print virtual appliance host

Be the first to know when new unknown vulnerabilities affecting vasion print virtual appliance host are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Vasion / Print Virtual Appliance Host

0 < 22.0.951

Vasion / Print Application

0 < 20.0.2368

References

NVD ↗ CVE.org ↗ EPSS Data ↗

help.printerlogic.com: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm pierrekim.github.io: https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-hardcoded-password-ubuntu help.printerlogic.com: https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm vulncheck.com: https://www.vulncheck.com/advisories/vasion-print-printerlogic-undocumented-local-account-with-hardcoded-password-and-passwordless-sudo

Credits

Pierre Barre