Authentication Bypass in Vasion Print's Virtual Appliance Host and Application
CVE-2025-34221

10CRITICAL

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
29 September 2025

What is CVE-2025-34221?

Vasion Print's Virtual Appliance Host and Application versions prior to the specified updates allow unrestricted traffic to internal Docker containers. This oversight results in a lack of required authentication, leading to unauthorized access to internal APIs. Attackers can exploit this entry point to interact with services, leading to risks such as credential theft, manipulation of configurations, and potential remote code execution. The vulnerability is commonly categorized as an authentication bypass affecting the security integrity of the product.

Affected Version(s)

Print Application * < 25.2.1518

Print Virtual Appliance Host * < 25.2.169

References

https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch
https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
JSON
.
CVE-2025-34221 : Authentication Bypass in Vasion Print's Virtual Appliance Host and Application