Hardcoded SSL Key Vulnerability in Vasion Print Virtual Appliance and Application
CVE-2025-34211

9.3 CRITICAL

Key Information:

Vendor: Vasion

CVE Published: 29 September 2025

What is CVE-2025-34211?

The Vasion Print Virtual Appliance and Application ship with a hardcoded private SSL key and public certificate stored in cleartext. The private key, which is associated with the hostname 'pl-local.com', is used to terminate TLS connections on standard ports 80 and 443. An attacker with container-level access can easily retrieve the private key and use it to potentially decrypt secured TLS traffic, carry out man-in-the-middle attacks, and forge TLS certificates. Exploitation can result in impersonation of the appliance's web interface, interception of sensitive credentials, and unauthorized access to any service that relies on the SSL certificate. Because the same private key is used across all deployments, the risk is magnified: a breach in one appliance jeopardizes the confidentiality of all installations.

Affected Version(s)

Print Application * < 20.0.2786

Print Virtual Appliance Host * < 22.0.1049

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre