Vasion Print Insecure Shared Storage Permissions Vulnerability
Vulnerability
A vulnerability exists in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application in both VA and SaaS deployments. The issue arises because the application mounts host configuration and secret materials into various Docker containers with overly permissive filesystem permissions. This misconfiguration allows sensitive files, such as environment secrets, GPG-encrypted blobs, MySQL client keys, and application session files, to be accessed from multiple containers. An attacker who gains control of or accesses any affected container can read or modify these files, potentially leading to credential theft, remote code execution via the Laravel APP_KEY, Portainer takeover, and a full system compromise.
Impact
Exploitation of this vulnerability allows for unauthorized access to sensitive files across multiple Docker containers, leading to credential theft and remote code execution. Additionally, this vulnerability could be exploited to take over Portainer, a management tool for Docker, and achieve a full system compromise.
Remediation
Users can update to Vasion Print, Virtual Appliance Host v25.2.169 and Application v25.2.1518, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.