CVE-2025-34204
Severity CVSS v4.0:
HIGH
Type:
CWE-269
Improper Privilege Management
Publication date:
19/09/2025
Last modified:
19/09/2025
Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP workers, Node.js servers and custom binaries) as the root user. This increases the blast radius of a container compromise and enables lateral movement and host compromise when a container is breached.
Impact
Base Score 4.0
8.70
Severity 4.0
HIGH
References to Advisories, Solutions, and Tools
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-processes-running-as-root
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-processes-running-as-root-inside-docker-instances