PT-2025-39890 · Printerlogic · Vasion Print Application+1

Pierre Barre · Published 2025-09-29 · Updated 2025-10-09 · CVE-2025-34225

CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102
Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413

Description

The software contains a server-side request forgery (SSRF) vulnerability. The console release directory is accessible from the internet without authentication. This directory includes multiple PHP scripts that construct URLs from user-supplied data and then call curl_exec() or file_get_contents() without sufficient validation. While some files attempt to mitigate SSRF using filter_var(), these checks are not comprehensive. An unauthenticated remote attacker can provide a hostname, allowing the server to make requests to internal resources, potentially enabling internal network reconnaissance, pivoting, or data exfiltration.

Recommendations

Update Vasion Print Virtual Appliance Host to version 25.1.102 or later.
Update Vasion Print Application to version 25.1.1413 or later.
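
For code that builds outbound URLs from request data, as in the Description above, the following added example contrasts a syntax-only filter_var() check with validation of the addresses a host actually resolves to. It is not Vasion Print code and not from the advisory: the vendor's checks are not shown on this page, all function names are hypothetical, and PHP 8 with the curl extension is assumed.

```php
<?php
// Added example; not Vasion Print code. All function names are hypothetical.
// Weak: syntax-only check. Any well-formed URL passes, because the host is
// never resolved or compared against internal address ranges.
function weak_is_allowed(string $url): bool {
    return filter_var($url, FILTER_VALIDATE_URL) !== false;
}

// True only for addresses outside the private and reserved ranges
// (RFC 1918, loopback, link-local, IPv6 unique-local and similar).
function is_public_ip(string $ip): bool {
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

// Returns host, port and validated IP for a permitted target, or null to
// refuse. $resolver is injectable so the check can be exercised without DNS.
function resolve_safe_target(string $url, ?callable $resolver = null): ?array {
    $p = parse_url($url);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) return null;
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) return null;
    $host = trim($p['host'], '[]');          // parse_url keeps IPv6 brackets
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $ips = [$host];                      // literal address, no lookup
    } else {
        $resolver ??= fn(string $h): array => gethostbynamel($h) ?: [];
        $ips = $resolver($host);
    }
    if ($ips === []) return null;
    foreach ($ips as $ip) {                  // every record must be public
        if (!is_public_ip($ip)) return null;
    }
    return ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

// Fetch only validated targets; false means refused or failed.
function fetch_validated(string $url): string|false {
    $t = resolve_safe_target($url);
    if ($t === null) return false;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,     // a redirect would skip the check
    ]);
    if ($t['ip'] !== $t['host']) {           // pin name to the validated IP
        curl_setopt($ch, CURLOPT_RESOLVE, ["{$t['host']}:{$t['port']}:{$t['ip']}"]);
    }
    return curl_exec($ch);
}
```

Validation of this kind complements, and does not replace, requiring authentication on the scripts themselves and applying the fixed versions listed under Recommendations.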

Exploit

Fix

Missing Authentication

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-34225

Affected Products

Vasion Print Application
Vasion Print Virtual Appliance Host