Blind Server-Side Request Forgery in Vasion Print Virtual Appliance
CVE-2025-34230

6.9MEDIUM

Key Information:

Vendor

Vasion

Status
Print Virtual Appliance Host
Print Application
Vendor
CVE Published:
29 September 2025

What is CVE-2025-34230?

The Vasion Print Virtual Appliance, formerly PrinterLogic, prior to versions 25.1.102 for the Virtual Appliance Host and 25.1.1413 for the Application, contains a blind server-side request forgery (SSRF) vulnerability. This issue can be exploited by unauthenticated users through the /var/www/app/console_release/hp/log_off_single_sign_on.php script. The vulnerability arises when the product registers a printer and stores its host name without performing sufficient validation. Attackers can leverage this flaw to probe internal services, trigger unintended actions within the network, or gather sensitive information despite being unable to see the responses due to the blind nature of the attack. Remediation for this vulnerability has been confirmed, although the exact timing of the patch availability remains unspecified.

Affected Version(s)

Print Application * < 25.1.1413

Print Virtual Appliance Host * < 25.1.102

References

https://pierrekim.github.io/blog/2025-04-08-vasion-printe...
technical-description
https://help.printerlogic.com/va/Print/Security/Security-...
vendor-advisorypatch
https://help.printerlogic.com/saas/Print/Security/Securit...
vendor-advisorypatch

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Barre
JSON
.
CVE-2025-34230 : Blind Server-Side Request Forgery in Vasion Print Virtual Appliance