PT-2025-38598 · Printerlogic · Vasion Print Virtual Appliance Host
Pierre Barre · Published 2025-09-19 · Updated 2025-09-20
CVE-2025-34199
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049
Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786
Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application deployments contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. The application disables the CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER options, and environment variables such as API_*_VERIFYSSL=false are used to disable verification for gateway and microservice endpoints. This allows the client to accept TLS connections without validating server certificates and, in some cases, to use clear-text HTTP, enabling on-path attackers to perform man-in-the-middle (MitM) attacks. An attacker intercepting network traffic can eavesdrop on and modify sensitive data, including print jobs, configuration, and authentication tokens, inject malicious payloads, or disrupt service.
Recommendations
Update Vasion Print Virtual Appliance Host to version 22.0.1049 or later.
Update Vasion Print Application to version 20.0.2786 or later.
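To check source and environment files for the three patterns named in the description (the two CURLOPT_SSL_VERIFY* options set to a disabling value, API_*_VERIFYSSL variables set to false, and clear-text http:// endpoints), a small audit script can be run over them. This is an added example, not code from the vendor or the advisory; the sample lines, variable names and addresses are constructed, and the PHP-style curl_setopt() calls are an assumption about how the options appear in code.

```python
import re

# Each rule is (finding name, pattern). Patterns follow the advisory text:
# disabled libcurl verification, API_*_VERIFYSSL=false, and clear-text HTTP.
RULES = [
    ("tls-verify-disabled",
     re.compile(r"CURLOPT_SSL_VERIFY(?:PEER|HOST)\s*(?:,|=>)\s*(?:false|0L?)\b", re.I)),
    ("env-verifyssl-false",
     re.compile(r"^\s*(?:export\s+)?API_\w+_VERIFYSSL\s*=\s*[\"']?(?:false|0)\b", re.I)),
    ("cleartext-http",
     re.compile(r"\bhttp://", re.I)),
]

# Constructed sample input: not taken from the product. 192.0.2.10 is a
# documentation address; the API_* names are made up to fit the pattern.
SAMPLE = """\
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
API_GATEWAY_VERIFYSSL=false
API_REPORTS_VERIFYSSL=true
PRINTER_ENDPOINT=http://192.0.2.10/ipp/print
PORTAL_URL=https://print.example.internal/
"""


def scan(text):
    """Return (line number, rule name, stripped line) for every match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule, line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, rule, line in scan(SAMPLE):
        print(f"line {lineno}: {rule}: {line}")
```

The cleartext-http rule also matches harmless strings such as XML namespace URIs, so its findings need manual review.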
Exploit
Fix
Cleartext Transmission of Sensitive Information
Improper Certificate Validation
Related Identifiers
Affected Products
Vasion Print Application
Vasion Print Virtual Appliance Host