PT-2025-39895 · Printerlogic · Vasion Print Application+1

Pierre Barre · Published 2025-09-29 · Updated 2025-09-30 · CVE-2025-34232

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102
Vasion Print (formerly PrinterLogic) Application versions prior to 25.1.1413

Description

The software contains a blind server-side request forgery (SSRF) issue reachable via the /var/www/app/console_release/lexmark/dellCheck.php script. An unauthenticated user can exploit this issue. The software stores a printer's host name in the printer_vo->str_host_address variable and then builds a URL to send a request using curl without any validation, whitelisting, or private-network filtering. An attacker can probe internal services, trigger internal actions, or gather intelligence.

Recommendations

Update Vasion Print Virtual Appliance Host to version 25.1.102 or later.
Update Vasion Print Application to version 25.1.1413 or later.
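
The destination check that the description says is missing before the curl call could look like the following. This is an added example, not Vasion's code or the vendor's fix; the function names, the allowlisted subnets, the use of port 80 and 64-bit PHP 7.4+ are assumptions, and only IPv4 is handled.

```php
<?php
// Added example: hypothetical helpers, not code from Vasion Print.
// Printers normally sit on private ranges, so a blanket "no private IPs"
// rule is unusable here; the operator lists the printer subnets instead.
const PRINTER_SUBNETS = ['10.20.0.0/16', '192.168.50.0/24']; // constructed values

function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = (~0 << (32 - (int)$bits)) & 0xFFFFFFFF; // assumes 64-bit PHP
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Returns the vetted IPv4 address to connect to, or null when the stored
// host address must not be contacted.
function vet_printer_host(string $host, ?callable $resolver = null): ?string
{
    $resolver ??= 'gethostbynamel';
    // Bare host name or dotted quad only: no port, path, userinfo or scheme
    // can be smuggled into the URL that is built from this value.
    if (!preg_match('/\A[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?\z/', $host)) {
        return null;
    }
    $ips = filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)
        ? [$host]
        : ($resolver($host) ?: []);
    foreach ($ips as $ip) { // every resolved address must be allowlisted
        $ok = false;
        foreach (PRINTER_SUBNETS as $cidr) {
            $ok = $ok || ipv4_in_cidr($ip, $cidr);
        }
        if (!$ok) return null;
    }
    return $ips[0] ?? null;
}

function fetch_from_printer(string $host, string $path): ?string
{
    $ip = vet_printer_host($host);
    if ($ip === null) return null;
    $ch = curl_init("http://{$host}{$path}");
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => ["{$host}:80:{$ip}"], // pin the vetted IP (DNS rebinding)
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP,       // no file://, gopher://, ...
        CURLOPT_FOLLOWLOCATION => false,                // a redirect could leave the allowlist
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    return $body === false ? null : $body;
}
```

This only constrains where the request can go; the script being reachable by an unauthenticated user is a separate problem that needs an authentication check on the endpoint.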

Exploit

Fix

Missing Authentication

SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-34232

Affected Products

Vasion Print Application
Vasion Print Virtual Appliance Host