Impact
An issue with the PaperCut Hive Ricoh embedded application causes administrative credentials to be recorded in plain text within log files when Deep Logging mode is enabled. This flaw is a classic example of CWE-532, where sensitive information is inadvertently persisted in logs. The consequence is confidentiality loss, allowing attackers to obtain device passwords that could be used to reconfigure or otherwise compromise the physical print hardware.
Affected Systems
The vulnerability affects the PaperCut Hive product from PaperCut. No specific affected version numbers are supplied in the advisory, so any installation that supports Deep Logging should be considered at risk until a vendor update is applied.
Risk and Exploitability
The CVSS score of 5.9 indicates moderate severity. The advisory does not provide an EPSS score, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation so far. Exploitation requires an attacker to have administrative access to the PaperCut Hive management portal in order to enable Deep Logging; once it is active, any subsequent legitimate user login generates log entries containing the passwords, which the attacker can harvest. The harvested passwords can then enable unauthorized configuration or remote control of the physical print devices.