CVE-2025-34218

Name of the Vulnerable Software and Affected Versions Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 Vasion Print (formerly PrinterLogic) Application versions prior to 20.0.2786

Description The Vasion Print Virtual Appliance Host and Application expose internal Docker containers without authentication or access controls. The gateway publishes a /meta endpoint listing micro-service containers and their versions, which are directly reachable over HTTP/HTTPS. This allows attackers on the LAN or the Internet to enumerate services, interact with APIs as unauthenticated users, and potentially cause information disclosure, privilege escalation within the container, or denial-of-service. The root cause is the lack of authentication and network restrictions on the API gateway’s proxy to internal Docker containers, creating a public attack surface.

Recommendations Update Vasion Print Virtual Appliance Host to version 22.0.1049 or later. Update Vasion Print Application to version 20.0.2786 or later.