CVE-2025-34188
📋 TL;DR
This vulnerability allows local users to extract authentication session tokens from cleartext log files in Vasion Print (formerly PrinterLogic) deployments. Attackers can use these tokens to authenticate remotely to the SaaS environment without valid credentials, potentially gaining unauthorized access to sensitive systems and data. Affected users include those running vulnerable versions of the Virtual Appliance Host or macOS/Linux client deployments.
💻 Affected Systems
- Vasion Print (formerly PrinterLogic) Virtual Appliance Host
- Vasion Print (formerly PrinterLogic) Application
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the SaaS environment with administrative privileges, leading to data exfiltration, system manipulation, and lateral movement within the organization's network.
Likely Case
Unauthorized access to user accounts and sensitive print management data, potentially allowing attackers to view, modify, or delete print jobs and configurations.
If Mitigated
Limited impact if proper access controls, log file permissions, and monitoring are in place to detect and prevent token extraction attempts.
🎯 Exploit Status
Exploitation requires local access to read log files, but the process of extracting tokens and using them for remote authentication is straightforward once local access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Virtual Appliance Host 1.0.735 or later, Application 20.0.1330 or later
Vendor Advisory: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Restart Required: Yes
Instructions:
1. Identify affected systems using version check commands.
2. Download and install the patched versions from official vendor sources.
3. Restart the affected services or systems as required.
4. Verify the patch is applied correctly.
🔧 Temporary Workarounds
Restrict Log File Permissions
Linux: Change permissions on log files to prevent unauthorized local users from reading them.
chmod 640 /path/to/vasion/logs/*.log
chown root:vasion /path/to/vasion/logs/*.log
Rotate and Secure Session Tokens
All platforms: Force session token rotation and implement additional authentication factors.
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to systems running vulnerable software
- Enable comprehensive logging and monitoring for unauthorized access attempts to log files and suspicious authentication patterns
🔍 How to Verify
Check if Vulnerable:
Check version numbers in system configuration or using vendor-provided version check utilities. Examine log files for presence of cleartext session tokens (PHPSESSID, XSRF-TOKEN, laravel_session).
Check Version:
Consult vendor documentation for specific version check commands as they vary by deployment type.
Verify Fix Applied:
Confirm version is 1.0.735 or later for Virtual Appliance Host, or 20.0.1330 or later for Application. Verify log files no longer contain cleartext session tokens.
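One way to run the log check described above, as an added example that is not vendor or advisory code: it walks a log directory, flags lines carrying the three cookie names listed on this page without printing the token values, and reports whether each affected file is world-readable. The line layout it matches (`name=value` or JSON-style `"name":"value"`), the `.log` suffix and the sample lines are assumptions.

```python
import os
import re
import stat
import sys

# Cookie names come from this page. The log layout is an assumption:
# "name=value" or JSON-style "name":"value" pairs anywhere in a line.
TOKEN_RE = re.compile(
    r"\b(PHPSESSID|XSRF-TOKEN|laravel_session)[\"']?\s*[=:]\s*[\"']?"
    r"([A-Za-z0-9%+/=_.-]{8,})"
)

# Constructed sample lines, not taken from a real Vasion Print log.
SAMPLE = [
    "12:00:00 GET /api Cookie: PHPSESSID=constructed0123456789abcdef; XSRF-TOKEN=eyJjb25zdHJ1Y3RlZCI6MX0%3D",
    "12:00:01 INFO heartbeat ok",
    '{"laravel_session":"eyJjb25zdHJ1Y3RlZC1zYW1wbGUifQ"}',
]

def scan_line(line):
    """Return (cookie_name, value_length) pairs; the value itself is dropped."""
    return [(name, len(value)) for name, value in TOKEN_RE.findall(line)]

def scan_file(path):
    """Report token-bearing lines in one log file and its read exposure."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, "r", errors="replace") as fh:
        findings = [{"line": n, "cookie": c, "length": k}
                    for n, line in enumerate(fh, 1) for c, k in scan_line(line)]
    return {"path": path, "mode": oct(mode),
            "world_readable": bool(mode & stat.S_IROTH), "findings": findings}

def scan_tree(root):
    """Scan every *.log file under root; return only files with findings."""
    reports = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(".log")):
            report = scan_file(os.path.join(dirpath, name))
            if report["findings"]:
                reports.append(report)
    return reports

if __name__ == "__main__":
    if len(sys.argv) < 2:  # no directory given: show the constructed sample
        print([scan_line(line) for line in SAMPLE])
    for rep in scan_tree(sys.argv[1]) if len(sys.argv) > 1 else []:
        exposure = "world-readable" if rep["world_readable"] else "restricted"
        for f in rep["findings"]:
            print(f'{rep["path"]}:{f["line"]} {f["cookie"]} '
                  f'({f["length"]} chars) mode={rep["mode"]} {exposure}')
```

An empty result after upgrading supports the "log files no longer contain cleartext session tokens" check; any token found in older or rotated logs should be treated as exposed and invalidated.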
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to log files
- Multiple authentication attempts using extracted session tokens
- Log entries containing cleartext session tokens
Network Indicators:
- Unusual authentication patterns from unexpected IP addresses
- Multiple session creations in short timeframes
SIEM Query:
source="vasion_logs" AND (event="log_file_access" OR token="PHPSESSID" OR token="XSRF-TOKEN" OR token="laravel_session")
🔗 References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-leak-secrets
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-local-log-disclosure-of-cleartext-sessions