CVE-2025-34217 in Print Virtual Appliance Host
Summary
by MITRE • 09/30/2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'. Possession of the matching private key gives an attacker root access to the appliance.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 10/07/2025
The vulnerability identified as CVE-2025-34217 affects Vasion Print Virtual Appliance Host and Application deployments across both on-premise and cloud environments. This critical security flaw stems from a fundamental misconfiguration in the appliance's authentication and authorization mechanisms, specifically involving an undocumented administrative user account that persists across all deployments. The presence of a hardcoded SSH public key in the authorized_keys file represents a severe deviation from security best practices and creates an inherent backdoor that undermines the appliance's security posture.
The technical implementation of this vulnerability involves a hardcoded SSH public key located in the standard SSH authorized_keys file path, which is typically found at ~/.ssh/authorized_keys for user accounts. This hardcoded key is associated with a user account named 'printerlogic' that is not documented in standard deployment procedures or security documentation. The vulnerability is further compounded by the existence of a sudoers configuration that grants members of the printerlogic_ssh group unrestricted sudo access with NOPASSWD: ALL privileges, effectively creating a path to root access without authentication requirements. This configuration directly violates principle of least privilege and creates a persistent backdoor that persists across system reboots and updates.
The operational impact of this vulnerability is severe and far-reaching, as it provides attackers with a direct path to full system compromise without requiring any prior authentication or exploitation of other vulnerabilities. The possession of the corresponding private key allows an attacker to establish an SSH session with root privileges, enabling complete control over the appliance's functionality, data access, and system configuration. This vulnerability affects both Host and SaaS deployments, meaning that organizations using either deployment model are equally at risk, potentially creating a widespread impact across multiple environments. The hardcoded nature of the key means that this vulnerability exists regardless of password changes, system updates, or other security measures that might otherwise protect the system.
Organizations should immediately implement comprehensive mitigations including the removal of the hardcoded SSH public key from authorized_keys files, deletion of the printerlogic user account, and revocation of the printerlogic_ssh group sudo privileges. The sudoers configuration should be reviewed and modified to ensure that no NOPASSWD: ALL rules exist for groups that do not require such elevated privileges. Additionally, security teams should conduct thorough audits of all SSH configurations and authorized_keys files to identify any other hardcoded keys or unauthorized accounts. This vulnerability aligns with CWE-798, which addresses the use of hardcoded credentials, and represents a significant risk under ATT&CK framework's T1078.004 technique for valid accounts and T1566.001 for spearphishing attachments, as the hardcoded credentials provide persistent access that can be leveraged for further attacks. The vulnerability also demonstrates weaknesses in the principle of least privilege and secure configuration management, requiring organizations to implement robust change management and security auditing procedures to prevent similar issues from occurring in the future.