PT-2025-39882 · Vasion · Vasion Print Application+1
Pierre Barre · Published 2025-09-29 · Updated 2025-10-02 · CVE-2025-34215
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1026
Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2702
Description
The Vasion Print Virtual Appliance Host and Application deployments are affected by an unauthenticated firmware-upload flow. A public page provides a signed token usable at the /va-api/v1/update API endpoint. The Docker images contain the appliance’s private GPG key and a hard-coded passphrase. An attacker can extract the key, obtain a token, decrypt, modify, re-sign, upload, and trigger malicious firmware, potentially gaining remote code execution.
Recommendations
Update Vasion Print Virtual Appliance Host to version 22.0.1026 or later.
Update Vasion Print Application to version 20.0.2702 or later.
Exploit
Fix
RCE
Missing Authentication
Affected Products
Vasion Print Application
Vasion Print Virtual Appliance Host