CNNVD-202509-3070 Information
CNNVD ID
CNNVD-202509-3070
Related CVE
- CNNVD Published: 2025-09-19
Description (Chinese)
Vasion Print和Vasion Print Virtual Appliance Host都是Vasion公司的产品。Vasion Print是一款基于 SaaS 的云托管应用程序,用于管理和部署打印机。Vasion Print Virtual Appliance Host是一个打印管理软件。 Vasion Print Virtual Appliance Host和Vasion Print Application存在安全漏洞,该漏洞源于/var/www/efs_storage下的主机配置和机密材料被挂载到多个Docker容器中且文件系统权限过于宽松,可能导致凭据窃取、远程代码执行和完全入侵。
Description (English)
Vasion Print and Vasion Prince Virgin Application Host are both products of Vasion. Vasion Print is a cloud hosting application based on SaaS for the management and deployment of printers. Vasion Prit Virgin Application Host is a print management software. There is a security loophole in Vasion Print Virgin Application Host and Vasion Prince Application, which originates from the host configuration and classified material mounted in multiple Docker containers under /var/www/efs storage and which may lead to theft, remote code execution and complete invasion.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Vela
Published
2025-09-19
Last Modified
2026-02-24
References
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-security-architecture https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-shared-storage-permissions https://access.redhat.com/security/cve/cve-2025-34206