PT-2025-39893 · Printerlogic · Vasion Print Application+1

Pierre Barre · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-34230

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102
Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413

Description

The software contains a blind server-side request forgery (SSRF) issue reachable via the /var/www/app/console_release/hp/log_off_single_sign_on.php script. An unauthenticated user can exploit this. The software stores a printer's host name in the variable printer_vo->str_host_address and then builds a URL using this value, sending the request with curl without any validation, whitelisting, or private-network filtering. An attacker can probe internal services, trigger internal actions, or gather intelligence.

Recommendations

Update Vasion Print Virtual Appliance Host to version 25.1.102 or later.
Update Vasion Print Application to version 25.1.1413 or later.
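
The description names three missing controls: validation, whitelisting, and network filtering. The sketch below shows them applied to a host name before a curl request. It is an added example, not the vendor's fix or code from the product. The function names, the allowlisted printer CIDRs, the https:// URL shape and the server-chosen $path are assumptions.

```php
<?php
// Added example. Function names, CIDRs and the https:// URL shape are assumptions,
// not Vasion Print code. IPv4 only; assumes 64-bit PHP.

/** True when IPv4 address $ip lies inside $cidr, e.g. "10.20.0.0/16". */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = (int)$bits === 0 ? 0 : (~0 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

/** Resolve $host; return one vetted IP, or null if any resolved address is refused. */
function resolve_allowed_printer(string $host, array $allowedCidrs): ?string
{
    // Bare host name only: no scheme, port, path, userinfo or whitespace.
    if (!preg_match('/^[A-Za-z0-9.-]{1,253}$/', $host)) {
        return null;
    }
    $ips = gethostbynamel($host) ?: [];
    foreach ($ips as $ip) {
        // Judge the resolved address, not the string: no loopback, link-local, 0/8, 240/4.
        $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE;
        $hits = array_filter($allowedCidrs, fn ($c) => ip_in_cidr($ip, $c));
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false || $hits === []) {
            return null;
        }
    }
    return $ips[0] ?? null;
}

function fetch_from_printer(string $host, string $path, array $allowedCidrs): ?string
{
    $ip = resolve_allowed_printer($host, $allowedCidrs);
    if ($ip === null) {
        return null;                                     // refuse instead of connecting
    }
    $ch = curl_init("https://{$host}{$path}");
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$host}:443:{$ip}"], // pin the vetted IP (no DNS rebinding)
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,       // no file://, gopher://, ...
        CURLOPT_FOLLOWLOCATION => false,                 // a redirect would bypass the check
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}
```

Because printers normally sit on private ranges, the check uses an explicit allowlist of printer subnets rather than a blanket private-range block. Endpoints that trigger such requests also need authentication, which the tags on this entry flag as missing.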

Exploit

Fix

Missing Authentication

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-34230

Affected Products

Vasion Print Application
Vasion Print Virtual Appliance Host