CVE-2025-34231
📋 TL;DR
This CVE describes an unauthenticated server-side request forgery (SSRF) vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application. Attackers can force the server to make arbitrary HTTP requests to internal resources, enabling network reconnaissance, credential theft, and data exfiltration. Organizations using affected versions of Vasion Print Virtual Appliance Host prior to 25.1.102 or Application prior to 25.1.1413 are vulnerable.
💻 Affected Systems
- Vasion Print Virtual Appliance Host
- Vasion Print Application
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full internal network compromise including credential harvesting from internal services, lateral movement to critical systems, and exfiltration of sensitive data.
Likely Case
Internal network reconnaissance, credential leakage from vulnerable internal services, and potential data exfiltration from accessible endpoints.
If Mitigated
Limited impact due to network segmentation, outbound filtering, and internal service hardening, though initial foothold remains possible.
🎯 Exploit Status
Exploitation requires only HTTP requests with crafted parameters. Public technical details and proof-of-concept information are available in referenced advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Virtual Appliance Host 25.1.102+, Application 25.1.1413+
Vendor Advisory: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Restart Required: Yes
Instructions:
1. Update Virtual Appliance Host to version 25.1.102 or later.
2. Update Application to version 25.1.1413 or later.
3. Restart affected services.
4. Verify the patch is applied by checking version numbers.
🔧 Temporary Workarounds
Block access to vulnerable endpoint
Restrict access to the vulnerable '/var/www/app/console_release/hp/badgeSetup.php' script using web server configuration or firewall rules.
# Apache: Add to .htaccess or virtual host config
<Files "badgeSetup.php">
# Apache 2.2 syntax (works on 2.4 only with mod_access_compat loaded)
Order deny,allow
Deny from all
# Apache 2.4 native equivalent; use this instead if mod_access_compat is absent
# Require all denied
</Files>
# Nginx: Add to server block
location ~ /badgeSetup\.php$ {
deny all;
return 403;
}
Implement network filtering
Restrict outbound HTTP/HTTPS requests from the Vasion Print server to only necessary destinations using firewall rules.
# Example iptables rules to restrict outbound HTTP/HTTPS
# Allow only specific destinations (trusted.server.com is a placeholder).
# Note: a hostname in -d is resolved once, when the rule is inserted; prefer IP addresses.
iptables -A OUTPUT -p tcp --dport 80 -d trusted.server.com -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -d trusted.server.com -j ACCEPT
# Default-deny everything else; these rules are not persistent across reboots unless saved
iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the Vasion Print server from sensitive internal resources.
- Deploy a web application firewall (WAF) with SSRF protection rules in front of the vulnerable endpoint.
🔍 How to Verify
Check if Vulnerable:
Check if the file '/var/www/app/console_release/hp/badgeSetup.php' exists and is accessible without authentication via HTTP request. Test with a controlled external service to confirm SSRF capability.
Check Version:
# Check Virtual Appliance Host version
grep -i version /path/to/vasion/config
# Check Application version via web interface or configuration files
Verify Fix Applied:
Verify that version numbers meet the patched requirements, and test that the badgeSetup.php endpoint no longer fetches arbitrary URLs and now enforces access controls (for example, returns 401/403 to unauthenticated requests).
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to '/badgeSetup.php' with URL parameters
- Outbound HTTP requests from the Vasion Print server to unexpected internal or external destinations
- Failed authentication attempts followed by badgeSetup.php access
Network Indicators:
- HTTP traffic from Vasion Print server to internal services not normally accessed
- Unusual port scanning activity originating from the Vasion Print server
SIEM Query:
source="vasion_logs" AND (uri="/badgeSetup.php" OR uri="/console_release/hp/badgeSetup.php") AND (param="url" OR param="host" OR param="target")
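The log indicators above can be checked offline against web server access logs. The following is an added example, not part of the advisory or the vendor's tooling: it parses combined-format access-log lines, flags requests to badgeSetup.php that carry the parameter names used in the SIEM query (`url`, `host`, `target`), and marks those whose value points at a non-global (private, loopback or link-local) IP address. The parameter names and the log format are assumptions; the log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Nginx combined log format (not real Vasion logs).
SAMPLE_LOG = """\
10.0.0.5 - - [08/Apr/2025:10:00:01 +0000] "GET /console_release/hp/badgeSetup.php?url=http://10.0.0.12:8080/admin HTTP/1.1" 200 512
10.0.0.5 - - [08/Apr/2025:10:00:02 +0000] "GET /console_release/hp/badgeSetup.php?host=printer01.corp.example HTTP/1.1" 200 88
10.0.0.7 - - [08/Apr/2025:10:00:03 +0000] "GET /console_release/hp/badgeSetup.php?target=http%3A%2F%2F192.168.1.20%2Flogin HTTP/1.1" 200 40
10.0.0.9 - - [08/Apr/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Parameter names taken from the advisory's SIEM query (assumed, not confirmed by the vendor).
WATCHED_PARAMS = ("url", "host", "target")


def is_internal(hostname):
    """True if hostname is a literal IP outside globally routable space (private, loopback, link-local)."""
    try:
        return not ipaddress.ip_address(hostname).is_global
    except ValueError:  # a DNS name, not an IP literal; cannot classify offline
        return False


def analyse_line(line):
    """Return a list of findings for one log line, or None if it is not of interest."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("path"))
    if not parts.path.endswith("/badgeSetup.php"):
        return None
    params = parse_qs(parts.query)  # percent-decodes values for us
    hits = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            # Values may be a full URL or a bare host; fall back to the text before any port.
            host = urlsplit(value).hostname or value.split(":")[0]
            hits.append({"client": m.group("ip"), "ts": m.group("ts"), "param": name,
                         "value": value, "internal": is_internal(host)})
    return hits or None


def scan(log_text):
    """Scan a whole log and return every finding in order of appearance."""
    findings = []
    for line in log_text.splitlines():
        hits = analyse_line(line)
        if hits:
            findings.extend(hits)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(("INTERNAL " if f["internal"] else "         ") + f["client"], f["param"], f["value"])
```

Findings marked `internal` deserve the closest look, since a reachable internal address in the parameter is the SSRF pattern the advisory describes; requests naming unknown external hosts still warrant correlation with the outbound-connection indicators above.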
🔗 References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-07
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-hp-badgesetup-php-script