PT-2025-39881 · Unknown+1 · Vasion Print+2
Pierre Barre · Published 2025-09-29 · Updated 2025-09-30
CVE-2025-34212
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vasion Print versions prior to 22.0.843
Vasion Print Application versions prior to 20.0.1923
Description
The Vasion Print Virtual Appliance Host and Application have weaknesses in their CI/CD processes. The build process retrieves an unverified third-party image and downloads the VirtualBox Extension Pack over plain HTTP without signature verification. The jenkins account is granted passwordless access for mount and unmount operations. These issues could allow for supply chain compromise, man-in-the-middle attacks, malicious firmware injection, and remote code execution as root on the CI host.
Recommendations
Update the Virtual Appliance Host to version 22.0.843 or later.
Update the Application to version 20.0.1923 or later.
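A CI-side audit for the patterns named in the description, as an added example that is not Vasion's code or part of the original advisory: it flags plain-HTTP downloads in a build script, flags passwordless mount/umount rules for an account, and checks an artifact against a pinned SHA-256. Assumptions: the passwordless access is expressed as a sudoers NOPASSWD rule, digest pinning stands in for the missing signature verification, and the function names, sample files and example.invalid URLs are constructed.

```shell
#!/bin/sh
# Added example: audit helpers for the weaknesses this advisory describes.
# The sample build script, sudoers fragment and URLs below are constructed.

# Print build-script lines that fetch over plain HTTP with curl or wget.
plain_http_downloads() {
    grep -nE '(curl|wget)[^#]*http://' "$1"
}

# Print sudoers lines that give account $2 passwordless mount/umount.
nopasswd_mount_rules() {
    grep -nE "^[[:space:]]*$2[[:space:]].*NOPASSWD:.*/u?mount([[:space:],]|\$)" "$1"
}

# Succeed only when the file's SHA-256 equals the pinned digest in $2.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Write constructed sample inputs into directory $1.
write_samples() {
    cat > "$1/build.sh" <<'EOF'
# constructed build step resembling the pattern in the advisory
wget http://downloads.example.invalid/Extension_Pack.vbox-extpack
curl -fsSLO https://downloads.example.invalid/tool.tar.gz
EOF
    cat > "$1/sudoers" <<'EOF'
# constructed sudoers fragment
jenkins ALL=(root) NOPASSWD: /bin/mount, /bin/umount
deploy  ALL=(root) /usr/bin/systemctl restart app
EOF
    printf 'abc' > "$1/artifact.bin"   # stand-in for a downloaded artifact
}

# Run all three checks on the samples; return the number of findings.
audit_samples() {
    dir=$(mktemp -d) || return 255
    write_samples "$dir"
    findings=0
    plain_http_downloads "$dir/build.sh" && findings=$((findings + 1))
    nopasswd_mount_rules "$dir/sudoers" jenkins && findings=$((findings + 1))
    # Pinned digest is deliberately wrong here, so verification must fail.
    verify_sha256 "$dir/artifact.bin" "$(printf '%064d' 0)" || findings=$((findings + 1))
    rm -rf "$dir"
    return "$findings"
}

audit_samples; echo "findings: $?"
```

A non-zero return from `audit_samples` can fail the pipeline stage, so a build that reintroduces any of these patterns stops before the artifact is used.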
Exploit
Fix
Incorrect Permission
Related Identifiers
Affected Products
Vasion Print
Vasion Print Virtual Appliance
Virtualbox Extension Pack