CVE-2025-34230 – This CVE describes a blind server-side request ... (How to Fix)

Q: What is the severity of CVE-2025-34230?

CVE-2025-34230 has a CVSS score of 5.8 (MEDIUM). This CVE describes a blind server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows unauthenticated attackers to make HTTP requests from the vulnerable server to internal network services. The vulnerability exists in the printer registration process where printer hostnames are used without validation to construct URLs. This affects organizations using Vasion Print Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413.

📋 TL;DR

This CVE describes a blind server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) that allows unauthenticated attackers to make HTTP requests from the vulnerable server to internal network services. The vulnerability exists in the printer registration process where printer hostnames are used without validation to construct URLs. This affects organizations using Vasion Print Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413.

💻 Affected Systems

Products:

Vasion Print Virtual Appliance Host
Vasion Print Application

Versions: Virtual Appliance Host prior to 25.1.102, Application prior to 25.1.1413

Operating Systems: Not specified - likely appliance-based

Default Config Vulnerable: ⚠️ Yes

Notes: Affects both VA (Virtual Appliance) and SaaS deployments. Vulnerability is in the /var/www/app/console_release/hp/log_off_single_sign_on.php script.

📦 What is this software?

Virtual Appliance Application by Vasion

View all CVEs affecting Virtual Appliance Application →

Virtual Appliance Host by Vasion

View all CVEs affecting Virtual Appliance Host →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could probe internal services, trigger actions on internal systems, perform port scanning, or potentially chain with other vulnerabilities to achieve remote code execution.

🟠

Likely Case

Internal network reconnaissance, service enumeration, and potential data leakage from internal services that respond to HTTP requests.

🟢

If Mitigated

Limited to blind SSRF with no direct data exfiltration, but still enables internal network probing.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible without authentication and can be exploited remotely.

🏢 Internal Only: MEDIUM - While the vulnerability exists, exploitation from internal networks would still require access to the vulnerable endpoint.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted requests to trigger printer registration with malicious hostnames. The vulnerability is blind, meaning attackers cannot directly see responses.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Virtual Appliance Host 25.1.102 or later, Application 25.1.1413 or later

Vendor Advisory: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Restart Required: No

Instructions:

1. Update Virtual Appliance Host to version 25.1.102 or later. 2. Update Application to version 25.1.1413 or later. 3. Verify the patch by checking version numbers and testing the vulnerable endpoint.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to the vulnerable endpoint using firewall rules or web application firewall (WAF) rules.

Endpoint Access Control

all

Implement authentication or IP whitelisting for the /var/www/app/console_release/hp/log_off_single_sign_on.php endpoint.

🧯 If You Can't Patch

Implement strict network segmentation to isolate the Vasion Print server from sensitive internal networks
Deploy a web application firewall (WAF) with SSRF protection rules to block malicious requests

🔍 How to Verify

Check if Vulnerable:

Check if the /var/www/app/console_release/hp/log_off_single_sign_on.php endpoint is accessible without authentication and accepts printer registration requests with arbitrary hostnames.

Check Version:

Check version through Vasion Print administration interface or consult vendor documentation for version checking commands.

Verify Fix Applied:

Verify the software version meets or exceeds the patched versions (VA Host ≥25.1.102, Application ≥25.1.1413) and test that the endpoint no longer processes malicious hostname values.

📡 Detection & Monitoring

Log Indicators:

Unusual requests to /var/www/app/console_release/hp/log_off_single_sign_on.php
Printer registration attempts with unusual hostnames or IP addresses
Outbound HTTP requests from the server to internal IP ranges on port 80

Network Indicators:

HTTP requests from Vasion Print server to internal IP addresses on port 80
Unusual outbound traffic patterns from the server

SIEM Query:

source_ip="Vasion_Print_Server_IP" AND dest_port=80 AND dest_ip IN (RFC1918_ranges) AND http_user_agent LIKE "%curl%"

📊 Metadata

CVE ID: CVE-2025-34230

CVSS v3 Score: 5.8 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE: CWE-306

EPSS Score: 0.07% exploit probability (20.6th percentile)

Published: September 29, 2025

Last Updated: October 9, 2025

🔗 References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-06 Exploit,Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-hp-log-off-single-sign-on-php-script Third Party Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-06 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-34230, you might also want to check these: