PT-2025-39891 · Vasion · Vasion Print Application+1
Pierre Barre · Published 2025-09-29 · Updated 2025-10-09
CVE-2025-34228
CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102
Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413
Description
The software contains a server-side request forgery (SSRF) vulnerability. The /var/www/app/console_release/lexmark/update.php script is accessible from the internet without authentication. The script constructs URLs from user-controlled values and then calls either curl_exec() or file_get_contents() without proper validation. This allows a remote attacker to supply a hostname and make the server issue requests to internal resources, potentially enabling internal network reconnaissance, pivoting, or data exfiltration.
Recommendations
Update Vasion Print Virtual Appliance Host to version 25.1.102 or later.
Update Vasion Print Application to version 25.1.1413 or later.
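For code that must fetch from a caller-supplied host, as the script in the description does, the following added PHP example (not Vasion's code and not taken from the fix) shows the two controls the description says were absent: an authentication gate, and validation of the resolved address against an allowlist before curl_exec() runs. The function names, the $authenticated flag, the device allowlist and the /status path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not Vasion's code. Function names, the allowlist and the
// "/status" path are hypothetical; sample addresses are constructed.

/** Resolve $host once; return its IPv4 address only if it is a registered device. */
function resolve_allowed_device(string $host, array $allowedIps): ?string
{
    // Bare hostname or IPv4 literal only: no scheme, port, path, userinfo or whitespace.
    if (!preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/D', $host)) {
        return null;
    }
    $ip = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ?: gethostbyname($host);
    // gethostbyname() returns its input unchanged on failure, so validate the result.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    // Decide on the resolved address, not on the string the caller sent.
    return in_array($ip, $allowedIps, true) ? $ip : null;
}

/** Fetch from a device only for authenticated callers and allowlisted targets. */
function fetch_device_status(string $host, array $allowedIps, bool $authenticated): string
{
    if (!$authenticated) {
        throw new RuntimeException('authentication required');
    }
    $ip = resolve_allowed_device($host, $allowedIps);
    if ($ip === null) {
        throw new InvalidArgumentException('host is not a registered device');
    }
    $ch = curl_init("https://{$host}/status");
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$host}:443:{$ip}"], // pin to the validated address
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,       // no file://, gopher://, etc.
        CURLOPT_FOLLOWLOCATION => false,                 // a redirect could leave the allowlist
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}
// Constructed sample input: one registered device, then three candidate hosts.
$devices = ['10.20.30.40'];
foreach (['10.20.30.40', '127.0.0.1', '10.20.30.40:8080/x'] as $candidate) {
    var_dump(resolve_allowed_device($candidate, $devices));
}
```

Pinning with CURLOPT_RESOLVE keeps the connection on the address that was checked, so a second DNS lookup at request time cannot return a different target.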
Exploit
Fix
Missing Authentication
SSRF
Affected Products
Vasion Print Application
Vasion Print Virtual Appliance Host