Unauthenticated Access to Admin Routes in Vasion Print Virtual Appliance
CVE-2025-34222
Key Information:
- Vendor
Vasion
- Vendor
- CVE Published:
- 29 September 2025
What is CVE-2025-34222?
Vasion Print (formerly PrinterLogic) has a significant security flaw in its Virtual Appliance Host and application, where four critical admin routes are exposed without proper authentication checks. These routes allow unauthenticated attackers to upload malicious TLS/SSL certificates, delete existing trusted certificates, and download stored certificates. The vulnerability exists in routes managed by the HPCertificateController class, raising serious concerns regarding the integrity and trust of the certificate system used by the appliance. This exposes organizations to potential data breaches and compromised communications, making the timely application of patches essential for maintaining security.
Affected Version(s)
Print Application * < 20.0.2786
Print Virtual Appliance Host * < 22.0.1049