Supply Chain Vulnerability in Vasion Print Products
CVE-2025-34212
Key Information:
- Vendor: Vasion
- CVE Published: 29 September 2025
What is CVE-2025-34212?
The build pipeline of Vasion Print (formerly PrinterLogic) contains significant supply chain weaknesses. Affected versions of the Virtual Appliance Host and Application rely on unverified third-party images and insecure download practices. Specifically, the build downloads the VirtualBox Extension Pack over unencrypted HTTP without any signature validation. Additionally, the Jenkins account is configured with NOPASSWD sudo permissions for mount and umount. These weaknesses expose the pipeline to supply chain and man-in-the-middle attacks, and may allow an attacker to inject malicious firmware and execute code remotely with root privileges on the continuous integration host.
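The two weakness classes described above can be checked for in any build pipeline. The following audit sketch is an added example, not code from Vasion or from the advisory; the sample build script, host names, file names and sudoers lines are constructed, and the "first later use must be a verification step" heuristic is an assumption of this example.

```python
import re

# Constructed sample inputs for illustration; not taken from Vasion's build scripts.
BUILD_SCRIPT = """\
wget http://downloads.example.invalid/Extension_Pack.vbox-extpack
VBoxManage extpack install Extension_Pack.vbox-extpack
curl -fsSLO https://downloads.example.invalid/tool.tar.gz
sha256sum -c tool.tar.gz.sha256
curl -fsSLO https://downloads.example.invalid/other.tar.gz
tar xf other.tar.gz
"""
SUDOERS = """\
jenkins ALL=(root) NOPASSWD: /bin/mount, /bin/umount
deploy  ALL=(root) /usr/bin/systemctl restart app
"""

FETCH = re.compile(r"\b(?:wget|curl)\b.*?\b(https?)://(\S+)")
# Tools treated as verification steps; digests or keys must be pinned, not fetched alongside.
VERIFY = re.compile(r"\b(?:sha256sum|sha512sum|gpg|gpgv|cosign|minisign)\b")
SUDO_RULE = re.compile(r"^(\S+)\s+\S+\s*=.*\bNOPASSWD:\s*(.+)$")
RISKY_CMDS = {"mount", "umount", "ALL"}

def audit_build_script(text):
    """Flag downloads over plain HTTP and artifacts used before being verified."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = FETCH.search(line)
        if not m:
            continue
        scheme, artifact = m.group(1), m.group(2).rsplit("/", 1)[-1]
        if scheme == "http":
            findings.append((i + 1, "plain-http", artifact))
        # The first later line naming the artifact must be a verification step.
        first_use = next((ln for ln in lines[i + 1:] if artifact in ln), "")
        if not VERIFY.search(first_use):
            findings.append((i + 1, "unverified", artifact))
    return findings

def audit_sudoers(text):
    """Flag NOPASSWD rules that grant mount, umount or ALL."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = SUDO_RULE.match(line.strip())
        if not m or line.lstrip().startswith("#"):
            continue
        cmds = [c.strip() for c in m.group(2).split(",") if c.strip()]
        risky = [c for c in cmds if c.split()[0].rsplit("/", 1)[-1] in RISKY_CMDS]
        if risky:
            findings.append((n, m.group(1), risky))
    return findings
```

Each finding is a tuple that starts with the 1-based line number, so the output can be mapped straight back to the build script or sudoers file under review.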
Affected Version(s)
Print Application * < 20.0.1923
Print Virtual Appliance Host * < 22.0.843