Blind Server-Side Request Forgery Vulnerability in Vasion Print by PrinterLogic
CVE-2025-34229

6.9MEDIUM

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
29 September 2025

What is CVE-2025-34229?

Vasion Print, formerly known as PrinterLogic, is affected by a blind server-side request forgery (SSRF) vulnerability. This flaw exists in the Virtual Appliance Host versions before 25.1.102 and the Application versions prior to 25.1.1413 (VA/SaaS deployments). An unauthenticated user can exploit this vulnerability via the /var/www/app/console_release/hp/installApp.php script. When a printer is registered, the software improperly stores the printer's host name, leading to unvalidated requests to internal services. This can enable attackers to navigate the internal network, trigger actions on internal services, or gather sensitive information, despite being unobservable due to the blind nature of the request. The vulnerability requires remediation, but details regarding the introduction of the patch remain unclear.

Affected Version(s)

Print Application * < 25.1.1413

Print Virtual Appliance Host * < 25.1.102

References

https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch
https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
JSON
.
CVE-2025-34229 : Blind Server-Side Request Forgery Vulnerability in Vasion Print by PrinterLogic