Vasion Print Virtual Appliance Host/Print Application Installation Web Interface update_database.php root_user/root_password hard-coded credentials

Summaryinfo

A vulnerability has been found in Vasion Print Virtual Appliance Host and Print Application and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/query/update_database.php of the component Installation Web Interface. The manipulation of the argument root_user/root_password leads to hard-coded credentials. This vulnerability is referenced as CVE-2025-34223. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Vasion Print Virtual Appliance Host and Print Application (the affected version unknown). This issue affects an unknown part of the file /admin/query/update_database.php of the component Installation Web Interface. The manipulation of the argument root_user/root_password with an unknown input leads to a hard-coded credentials vulnerability. Using CWE to declare the problem leads to CWE-798. The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can reach the installation web interface can POST arbitrary `root_user` and `root_password` values, causing the script to replace the default admin credentials with attacker‑controlled ones. The script also contains hard‑coded SHA‑512 and SHA‑1 hashes of the default password, allowing the attacker to bypass password‑policy validation. As a result, an unauthenticated remote attacker can obtain full administrative control of the system during the initial setup. This vulnerability has been identified by the vendor as: V-2024-022 — Insecure Installation Credentials.

The weakness was published by Pierre Barre. It is possible to read the advisory at pierrekim.github.io. The identification of this vulnerability is CVE-2025-34223 since 04/15/2025. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1110.001 according to MITRE ATT&CK.

By approaching the search of inurl:admin/query/update_database.php it is possible to find vulnerable targets with Google Hacking.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at EUVD (EUVD-2025-31638) and CERT Bund (WID-SEC-2025-2162). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• Vasion Print

Productinfo

Vendor

• Vasion

Name

• Print Application
• Print Virtual Appliance Host

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion