PT-2025-39880 · Vasion · Vasion Print Application and Vasion Print Virtual Appliance Host
Pierre Barre · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-34211
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049
Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786
Description
The Vasion Print Virtual Appliance Host and Application store a private SSL key and its corresponding public certificate in cleartext. The key is associated with the hostname pl-local.com and is used to terminate TLS connections on ports 80 and 443. An attacker with container-level access can obtain the private key, enabling decryption of TLS traffic, man-in-the-middle attacks, and the forging of TLS certificates. This allows for impersonation of the appliance’s web UI, interception of credentials, and unrestricted access to trusted services. The key is identical across all deployments, meaning a single compromise affects all Vasion Print installations.
Recommendations
Update Vasion Print Virtual Appliance Host to version 22.0.1049 or later.
Update Vasion Print Application to version 20.0.2786 or later.
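An added example, not from the advisory or the vendor: because the description says the key and certificate are identical across deployments, a defender can audit their own appliance inventory by certificate fingerprint. The host names, the `audit` function and the `known_shared` set are assumptions; the advisory publishes no fingerprint, so that set has to be filled from a certificate extracted from your own affected image.

```python
import hashlib
import ssl
from collections import defaultdict


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_pem(host: str, port: int = 443) -> str:
    """Leaf certificate a host presents; no chain validation is done."""
    return ssl.get_server_certificate((host, port))


def audit(certs_by_host: dict, known_shared: set) -> dict:
    """Sort hosts into buckets by the certificate they serve.

    known_shared: fingerprint matches one taken from an affected image,
                  so the private key must be treated as public.
    reused:       several hosts serve one certificate, which is how a
                  key baked into every deployment looks on the network.
    unique:       certificate seen on a single host only.
    """
    hosts_by_fp = defaultdict(list)
    for host, pem in certs_by_host.items():
        hosts_by_fp[cert_fingerprint(pem)].append(host)

    report = {"known_shared": [], "reused": [], "unique": []}
    for fp, hosts in hosts_by_fp.items():
        bucket = ("known_shared" if fp in known_shared
                  else "reused" if len(hosts) > 1 else "unique")
        report[bucket] += hosts
    return {bucket: sorted(hosts) for bucket, hosts in report.items()}


def constructed_pem(seed: bytes) -> str:
    # Constructed stand-in bytes, not a real X.509 certificate: the
    # audit only needs stable DER bytes per "certificate".
    return ssl.DER_cert_to_PEM_cert(seed * 8)


# Constructed inventory; in practice fill it with fetch_pem(host).
SAMPLE = {
    "print-a.example": constructed_pem(b"shared-image-cert"),
    "print-b.example": constructed_pem(b"shared-image-cert"),
    "print-c.example": constructed_pem(b"per-host-cert"),
}
```

A certificate reused across hosts can also be a deliberate wildcard or load-balancer certificate, so treat the `reused` bucket as a lead to check rather than a verdict.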
Affected Products
Vasion Print Application
Vasion Print Virtual Appliance Host