← Back to CVEs

CVE-2025-34204

CRITICAL

9.8

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP workers, Node.js servers and custom binaries) as the root user. This increases the blast radius of a container compromise and enables lateral movement and host compromise when a container is breached.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published9/19/2025

Last Modified9/24/2025

Sourcenvd

Honeypot Sightings0

Affected Products

vasion:virtual_appliance_applicationvasion:virtual_appliance_host

Weaknesses (CWE)

CWE-269

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm(disclosure@vulncheck.com)

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm(disclosure@vulncheck.com)

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-processes-running-as-root(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/vasion-print-printerlogic-processes-running-as-root-inside-docker-instances(disclosure@vulncheck.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.