CVE-2025-34206— Vasion Print和Vasion Print Virtual Appliance Host 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-34206の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Vasion Print (formerly PrinterLogic) Insecure Shared Storage Permissions
ソース: NVD (National Vulnerability Database)
脆弱性説明
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in .secrets, MySQL client keys, and application session files are accessible from multiple containers. An attacker who controls or reaches any container can read or modify these artifacts, leading to credential theft, RCE via Laravel APP_KEY, Portainer takeover, and full compromise.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
关键资源的不正确权限授予
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Vasion Print和Vasion Print Virtual Appliance Host 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Vasion Print和Vasion Print Virtual Appliance Host都是Vasion公司的产品。Vasion Print是一款基于 SaaS 的云托管应用程序,用于管理和部署打印机。Vasion Print Virtual Appliance Host是一个打印管理软件。 Vasion Print Virtual Appliance Host和Vasion Print Application存在安全漏洞,该漏洞源于/var/www/efs_storage下的主机配置和机密材料被
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Vasion | Print Virtual Appliance Host | * | - | |
| Vasion | Print Application (SaaS/VA) | * | - |
II. CVE-2025-34206の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-34206のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Vasion · 2025-09-19 · 18 CVEs total
| CVE-2025-34198 | Vasion Print (formerly PrinterLogic) Shared / Hardcoded SSH Host Private Keys in Appliance | |
| CVE-2025-34190 | Vasion Print (formerly PrinterLogic) PrinterInstallerClientService Authentication Bypass v | |
| CVE-2025-34191 | Vasion Print (formerly PrinterLogic) Arbitrary File Write as Root via Response Path Symlin | |
| CVE-2025-34188 | Vasion Print (formerly PrinterLogic) Local Log Disclosure of Cleartext Sessions | |
| CVE-2025-34205 | Vasion Print (formerly PrinterLogic) Dangerous PHP Dead Code Enables RCE | |
| CVE-2025-34199 | Vasion Print (formerly PrinterLogic) Insecure SSL Verification Allows Man-in-the-Middle At | |
| CVE-2025-34193 | Vasion Print (formerly PrinterLogic) Insecure Windows Components Lack Modern Memory Protec | |
| CVE-2025-34201 | Vasion Print (formerly PrinterLogic) Lack of Network Segmentation Between Docker Instances | |
| CVE-2025-34203 | Vasion Print (formerly PrinterLogic) Use of Outdated, End-Of-Life, and Vulnerable Third-Pa | |
| CVE-2025-34200 | Vasion Print (formerly PrinterLogic) Network Account Password Stored in Cleartext | |
| CVE-2025-34195 | Vasion Print (formerly PrinterLogic) Unquoted Path During Driver Installation Leads to Exe | |
| CVE-2025-34197 | Vasion Print (formerly PrinterLogic) Undocumented Local Account with Hardcoded Password an | |
| CVE-2025-34194 | Vasion Print (formerly PrinterLogic) Local Privilege Escalation via Insecure Temporary Fil | |
| CVE-2025-34204 | Vasion Print (formerly PrinterLogic) Processes Running as Root Inside Docker Instances | |
| CVE-2025-34192 | Vasion Print (formerly PrinterLogic) Usage of Outdated and Unsupported OpenSSL Version | |
| CVE-2025-34189 | Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Ses | |
| CVE-2025-34202 | Vasion Print (formerly PrinterLogic) Insecure Access to Docker Instances WAN |
IV. 関連脆弱性
- CVE-2025-34210
Vasion Print (formerly PrinterLogic) Readable Cleartext Pass - CVE-2025-34208
Vasion Print (formerly PrinterLogic) Insecure Password Hashi - CVE-2025-34217
Vasion Print (formerly PrinterLogic) Undocumented Hardcoded - CVE-2025-34235
Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificat - CVE-2025-34221
Vasion Print (formerly PrinterLogic)
同じベンダー: Vasion
- CVE-2025-34210
Vasion Print (formerly PrinterLogic) Readable Cleartext Pass - CVE-2025-34208
Vasion Print (formerly PrinterLogic) Insecure Password Hashi - CVE-2025-34217
Vasion Print (formerly PrinterLogic) Undocumented Hardcoded - CVE-2025-34235
Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificat - CVE-2025-34221
Vasion Print (formerly PrinterLogic)
同じ弱点: CWE-732
- CVE-2026-41288
WatchGuard Agent on Windows Privilege Escalation Vulnerabili - CVE-2026-41686
Claude SDK for TypeScript has Insecure Default File Permissi - CVE-2026-6499
ILM Informatique OpenConcerto 安全漏洞 - CVE-2026-41366
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLo - CVE-2026-35367
uutils coreutils nohup Information Disclosure via Insecure D
V. CVE-2025-34206へのコメント
まだコメントはありません