CVE-2025-34229

5.8 MEDIUM

📋 TL;DR

This CVE describes a blind server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows unauthenticated attackers to make HTTP requests from the vulnerable server to internal network services. The vulnerability affects Virtual Appliance Host versions before 25.1.102 and Application versions before 25.1.1413 in VA/SaaS deployments. Attackers can probe internal services, trigger internal actions, or gather intelligence about the network.

💻 Affected Systems

Products:
  • Vasion Print (formerly PrinterLogic) Virtual Appliance Host
  • Vasion Print (formerly PrinterLogic) Application
Versions: Virtual Appliance Host prior to 25.1.102, Application prior to 25.1.1413
Operating Systems: Not specified - affects the appliance/application regardless of underlying OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects VA/SaaS deployments. The vulnerability is in the /var/www/app/console_release/hp/installApp.php script.


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could use the vulnerable server as a proxy to attack internal systems, potentially accessing sensitive internal services, triggering destructive actions on internal systems, or mapping the internal network for further attacks.

🟠 Likely Case

Attackers will use this to probe internal services, identify internal systems, and gather intelligence about the network architecture for potential lateral movement or further attacks.

🟢 If Mitigated

With proper network segmentation and egress filtering, the impact is limited to information disclosure about internal services that respond to HTTP requests on port 80.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted requests to trigger the vulnerable PHP script. The vulnerability is blind SSRF, meaning attackers cannot directly see response data but can infer results based on timing or error responses.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Virtual Appliance Host 25.1.102 or later, Application 25.1.1413 or later

Vendor Advisory: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Restart Required: No

Instructions:

1. Identify your current Vasion Print version.
2. Upgrade Virtual Appliance Host to version 25.1.102 or later.
3. Upgrade Application to version 25.1.1413 or later.
4. Verify the patch by checking that the vulnerable script no longer makes unfiltered curl requests.

🔧 Temporary Workarounds

Block access to vulnerable script (all platforms)

Restrict access to the vulnerable PHP script using web server configuration or firewall rules

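# Apache 2.4+: add to .htaccess or virtual host config
<Files "installApp.php">
    Require all denied
</Files>
# Apache 2.2 (or 2.4 with mod_access_compat): use the legacy form instead
# <Files "installApp.php">
#     Order deny,allow
#     Deny from all
# </Files>
# Nginx: add to server block, above any generic "location ~ \.php$" block
# (regex locations are tried in order and the first match wins)
location ~ /installApp\.php$ {
    deny all;
    return 403;
}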

Network egress filtering (Linux)

Implement egress filtering on the Vasion Print server to restrict outbound HTTP requests to internal networks

# Example iptables rule to block outbound HTTP from Vasion Print to internal networks
iptables -A OUTPUT -p tcp --dport 80 -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -p tcp --dport 80 -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -p tcp --dport 80 -d 192.168.0.0/16 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the Vasion Print server from sensitive internal networks
  • Deploy a web application firewall (WAF) with SSRF protection rules in front of the Vasion Print application

🔍 How to Verify

Check if Vulnerable:

Check if the file /var/www/app/console_release/hp/installApp.php exists and contains curl calls without proper validation of the $printer_vo->str_host_address variable

Check Version:

Check the Vasion Print administration interface or configuration files for version information. For Virtual Appliance: Check appliance management interface. For Application: Check application settings or about page.

Verify Fix Applied:

Verify that the vulnerable script has been updated to validate or sanitize the host address parameter before making curl requests, or that the script has been removed/disabled

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to /var/www/app/console_release/hp/installApp.php with crafted host parameters
  • Outbound HTTP requests from the Vasion Print server to internal IP addresses on port 80
  • Multiple failed connection attempts from Vasion Print to various internal IPs

Network Indicators:

  • HTTP traffic from Vasion Print server to internal systems on port 80 with User-Agent containing curl
  • Unusual outbound traffic patterns from the Vasion Print server scanning internal network ranges

SIEM Query:

source="vasion-print-logs" AND uri="/console_release/hp/installApp.php" AND (host_address CONTAINS "10." OR host_address CONTAINS "172." OR host_address CONTAINS "192.168.")
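
The substring tests in the query above also match public addresses such as 110.45.2.8 or 172.217.4.1 and miss link-local targets. The following is an added example, not vendor or product code, that applies the same idea with real CIDR matching and also counts distinct internal targets per source to surface scanning. The event layout, the `src` field, the threshold, and the loopback and link-local ranges are assumptions; `uri` and `host_address` follow the query's field names.

```python
import ipaddress
from collections import defaultdict

SCRIPT = "/console_release/hp/installApp.php"
# RFC 1918 ranges from the egress rules on this page, plus loopback and link-local (assumed additions).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample events (not real logs); layout is an assumption.
EVENTS = [
    {"src": "203.0.113.7", "uri": SCRIPT, "host_address": "10.0.4.15"},
    {"src": "203.0.113.7", "uri": SCRIPT, "host_address": "172.20.1.9"},
    {"src": "203.0.113.7", "uri": SCRIPT, "host_address": "169.254.169.254"},
    {"src": "198.51.100.2", "uri": SCRIPT, "host_address": "110.45.2.8"},
    {"src": "198.51.100.2", "uri": SCRIPT, "host_address": "172.217.4.1"},
    {"src": "198.51.100.9", "uri": "/index.php", "host_address": "10.0.0.1"},
    {"src": "198.51.100.3", "uri": SCRIPT, "host_address": "printer01.corp.example"},
]

def naive_match(host):
    """Substring logic equivalent to the SIEM query, kept for comparison."""
    return any(s in host for s in ("10.", "172.", "192.168."))

def is_internal(value):
    """True/False for IP literals; None for hostnames, which need resolution or review."""
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return None
    return any(ip in net for net in INTERNAL_NETS)

def triage(events, scan_threshold=3):
    """Return (hits, scanners) for requests to the script that target internal hosts."""
    hits, targets = [], defaultdict(set)
    for ev in events:
        if ev["uri"].split("?")[0] != SCRIPT:
            continue
        verdict = is_internal(ev["host_address"])
        if verdict is False:
            continue  # public IP literal: not an internal probe
        hits.append((ev["src"], ev["host_address"], "internal" if verdict else "review-hostname"))
        if verdict:
            targets[ev["src"]].add(ev["host_address"])
    scanners = sorted(s for s, t in targets.items() if len(t) >= scan_threshold)
    return hits, scanners

if __name__ == "__main__":
    hits, scanners = triage(EVENTS)
    print(hits, scanners)
```
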
