Vasion Print (formerly PrinterLogic) Insecure Use of file_get_contents()_CVE-2025-34233

8.5 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname (or similar callback field), the value is passed unchecked to PHP’s file_get_contents()/cURL functions, which follow redirects and impose no allow‑list, scheme, or IP‑range restrictions. An admin‑level attacker can therefore point the hostname to a malicious web server that issues a 301 redirect to internal endpoints such as the AWS EC2 metadata service. The server follows the redirect, retrieves the metadata, and returns or stores the credentials, enabling the attacker to steal cloud IAM keys, enumerate internal services, and pivot further into the SaaS infrastructure. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Basic Information

ID CVE-2025-34233

Source VulnCheck

Published Sep 29, 2025 at 20:38

Affected Product

Vendor Vasion

Product Print Virtual Appliance Host

Version *

Affected Versions Vasion Print Virtual Appliance Host *
Vasion Print Application *

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function.\u00a0When an administrator configures a printer\u2019s hostname (or similar callback field), the value is passed unchecked to PHP\u2019s file_get_contents()/cURL functions, which follow redirects and impose no allow\u2011list, scheme, or IP\u2011range restrictions. An admin\u2011level attacker can therefore point the hostname to a malicious web server that issues a 301 redirect to internal endpoints such as the AWS EC2 metadata service.\u00a0The server follows the redirect, retrieves the metadata, and returns or stores the credentials, enabling the attacker to steal cloud IAM keys, enumerate internal services, and pivot further into the SaaS infrastructure. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.",
    "published": "2025-09-29T20:38:49.403Z",
    "modified": "2025-09-29T20:38:49.403Z",
    "type": "cve",
    "title": "Vasion Print (formerly PrinterLogic) Insecure Use of file_get_contents()",
    "source": "VulnCheck",
    "references": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-use-file_get_contents\nhttps://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm\nhttps://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm\nhttps://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-use-of-file-get-contents-function",
    "id": "CVE-2025-34233",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Vasion Print Virtual Appliance Host *\nVasion Print Application *",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Print Virtual Appliance Host",
    "version": "*",
    "vendor": "Vasion",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}