Vasion Print (formerly PrinterLogic)_CVE-2025-34221

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no authentication, ACL or client‑side identifier is required, the attacker can interact with any internal API, bypassing the product’s authentication mechanisms entirely. The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution. This vulnerability has been identified by the vendor as: V-2025-002 — Authentication Bypass - Docker Instances.

Basic Information

ID CVE-2025-34221

Source VulnCheck

Published Sep 29, 2025 at 20:43

Affected Product

Vendor Vasion

Product Print Virtual Appliance Host

Version *

Affected Versions Vasion Print Virtual Appliance Host *
Vasion Print Application *

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169\u00a0and Application prior to version 25.2.1518\u00a0(VA/SaaS deployments)\u00a0expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network.\u00a0Because no authentication, ACL or client\u2011side identifier\u00a0is required, the attacker can interact with any internal API, bypassing the product\u2019s authentication mechanisms entirely.\u00a0The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution.\u00a0This vulnerability has been identified by the vendor as: V-2025-002 \u2014 Authentication Bypass - Docker Instances.",
    "published": "2025-09-29T20:43:36.637Z",
    "modified": "2025-09-29T20:43:36.637Z",
    "type": "cve",
    "title": "Vasion Print (formerly PrinterLogic)",
    "source": "VulnCheck",
    "references": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass\nhttps://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm\nhttps://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm\nhttps://www.vulncheck.com/advisories/vasion-print-printerlogic-unrestriced-access-to-docker-bridge-network",
    "id": "CVE-2025-34221",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Vasion Print Virtual Appliance Host *\nVasion Print Application *",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Print Virtual Appliance Host",
    "version": "*",
    "vendor": "Vasion",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}