PT-2025-39894 · Printerlogic · Vasion Print Application and Vasion Print Virtual Appliance Host

Pierre Barre · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-34231

CVSS v4.0: 8.8 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102
Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application are affected by a server-side request forgery (SSRF) issue. The /var/www/app/console_release/hp/badgeSetup.php script is accessible without authentication and constructs URLs from user-controlled parameters. The processCurl() function and PHP's file_get_contents() function are used without proper validation of the hostname or URL, allowing attackers to make arbitrary HTTP requests to internal resources. This can lead to internal network reconnaissance, credential leakage, pivoting, and data exfiltration. The hostname/URL is taken directly from the request without any restrictions.

Recommendations

Update Vasion Print Virtual Appliance Host to version 25.1.102 or later.
Update Vasion Print Application to version 25.1.1413 or later.
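
An added illustration of the destination validation the description says is missing; it is not Vasion's code or its fix. The request may name only an administrator-registered printer, the server fixes the scheme and path, and cURL is pinned to the validated address. The allowlist, the function names and the /badge/config path are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of administrator-registered printers (constructed values).
const REGISTERED_PRINTERS = ['hp-lobby.print.example', '10.20.30.41'];

/** Return the IPv4 address to connect to, or null when the destination is refused. */
function resolve_allowed_printer(string $host): ?string
{
    $host = strtolower(trim($host));
    // Exact match only: full URLs, ports, userinfo and unknown hosts all fail here.
    if (!in_array($host, REGISTERED_PRINTERS, true)) {
        return null;
    }
    // gethostbyname() returns the input unchanged when resolution fails.
    $ip = filter_var($host, FILTER_VALIDATE_IP) ? $host : gethostbyname($host);
    // Require a valid IPv4 address outside loopback, link-local and other reserved ranges.
    $ok = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE);
    return $ok === false ? null : $ip;
}

/** Fetch one fixed path from a registered printer; the request supplies only the host. */
function fetch_badge_config(string $host): ?string
{
    $ip = resolve_allowed_printer($host);
    if ($ip === null) {
        return null;
    }
    $host = strtolower(trim($host));
    $ch = curl_init("https://{$host}/badge/config"); // hypothetical fixed path
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,          // no file://, gopher://, http://
        CURLOPT_FOLLOWLOCATION => false,                    // a redirect could leave the allowlist
        CURLOPT_RESOLVE        => ["{$host}:443:{$ip}"],    // connect to the validated IP only
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}

// Constructed inputs; only the validation step runs, so no request is sent.
foreach (['10.20.30.41', '127.0.0.1', '169.254.169.254', 'http://10.0.0.5/admin'] as $candidate) {
    $ip = resolve_allowed_printer($candidate);
    printf("%-24s %s\n", $candidate, $ip === null ? 'refused' : "allowed ({$ip})");
}
```

Validation of this kind belongs behind an authentication check, since the description notes the script is reachable without one.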

Exploit · Fix · Missing Authentication · SSRF

Related Identifiers

CVE-2025-34231

Affected Products

Vasion Print Application
Vasion Print Virtual Appliance Host