Remote Code Execution Vulnerability in Vasion Print by PrinterLogic
CVE-2025-34216

10CRITICAL

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
29 September 2025

What is CVE-2025-34216?

The Vasion Print Virtual Appliance Host and Application versions prior to 22.0.1026 and 20.0.2702, respectively, contain unauthenticated REST API endpoints that leak sensitive configuration files, including cleartext passwords and the Laravel APP_KEY critical for cryptographic signing. Exploiting this vulnerability allows malicious actors to generate signed requests that may enable remote code execution on the appliance, posing a significant security risk.

Affected Version(s)

Print Application * < 20.0.2702

Print Virtual Appliance Host * < 22.0.1026

References

https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch
https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
JSON
.
CVE-2025-34216 : Remote Code Execution Vulnerability in Vasion Print by PrinterLogic