Server-Side Request Forgery in Vasion Print Virtual Appliance and Application
CVE-2025-34228
Key Information:
- Vendor: Vasion
- CVE Published: 29 September 2025
What is CVE-2025-34228?
Vasion Print, previously known as PrinterLogic, has a server-side request forgery (SSRF) vulnerability in its Virtual Appliance Host and Application. The issue is in an unauthenticated script located at /var/www/app/console_release/lexmark/update.php, which can be accessed from the internet. The PHP script constructs URLs from user-supplied input and fetches them via curl_exec() or file_get_contents() without adequate input validation. An external attacker can therefore make the server issue requests to its internal resources, which enables network reconnaissance, potential data exfiltration, or pivoting within the internal network. A fix is available, but when the patch was deployed is not specified.
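The validation that this class of bug lacks can be sketched as follows. This is an added example, not Vasion's code or its patch; the function names, the ALLOWED_HOSTS list and updates.example.com are hypothetical, and the script's real parameters are not given on this page.

```php
<?php
// Hypothetical allowlist of hosts the endpoint is permitted to contact (assumption).
const ALLOWED_HOSTS = ['updates.example.com'];

/** Validate a user-supplied URL; return [rebuilt URL, "host:port:ip" pin] or throw. */
function validate_outbound_url(string $url): array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        throw new InvalidArgumentException('malformed URL');
    }
    $host = strtolower($p['host']);
    if (strtolower($p['scheme']) !== 'https' || !in_array($host, ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('only https URLs to allowlisted hosts are accepted');
    }
    // Resolve once (gethostbynamel() is IPv4-only) and refuse private or reserved ranges.
    $ips = gethostbynamel($host) ?: [];
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if ($ips === [] || filter_var($ips[0], FILTER_VALIDATE_IP, $flags) === false) {
        throw new InvalidArgumentException('host resolves to a non-public address');
    }
    $port = $p['port'] ?? 443;
    // Rebuild the URL from parsed parts so cURL sees exactly what was validated.
    $clean = "https://$host:$port" . ($p['path'] ?? '/')
           . (isset($p['query']) ? '?' . $p['query'] : '');
    return [$clean, "$host:$port:{$ips[0]}"];
}

/** Fetch a validated URL with redirects off and the vetted IP pinned. */
function safe_fetch(string $url): string
{
    [$clean, $pin] = validate_outbound_url($url);
    $ch = curl_init($clean);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,           // a redirect could point inward
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // no file://, gopher:// or http://
        CURLOPT_RESOLVE        => [$pin],          // connect only to the vetted IP
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}
// Constructed inputs: each is rejected before any DNS lookup or request is made.
foreach (['http://127.0.0.1/', 'https://10.0.0.5/admin', 'file:///etc/passwd'] as $u) {
    try { validate_outbound_url($u); } catch (InvalidArgumentException $e) { echo $u, ' rejected: ', $e->getMessage(), "\n"; }
}
```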

Affected Version(s)
Print Application * < 25.1.1413
Print Virtual Appliance Host * < 25.1.102
