Server-Side Request Forgery in Vasion Print Virtual Appliance and Application
CVE-2025-34225
8.8HIGH
Key Information:
- Vendor
Vasion
- Vendor
- CVE Published:
- 29 September 2025
What is CVE-2025-34225?
The Vasion Print Virtual Appliance and Application are affected by a server-side request forgery vulnerability, allowing unauthenticated access to the 'console_release' directory over the internet. This exposes numerous PHP scripts that construct URLs from user-supplied input, executing commands like 'curl_exec()' or 'file_get_contents()' without adequate validation. While some files attempt to mitigate SSRF risks through filter checks, these efforts are insufficient. As a result, this vulnerability permits unauthorized remote attackers to probe internal resources, leading to potential data exfiltration or lateral movement within the network.
Affected Version(s)
Print Application * < 25.1.1413
Print Virtual Appliance Host * < 25.1.102