Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance_CVE-2025-34218

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together with version information. These containers are reachable directly over HTTP/HTTPS without any access‑control list (ACL), authentication or rate‑limiting. Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial‑of‑service of the entire appliance. The root cause is the absence of authentication and network‑level restrictions on the API‑gateway’s proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface. This vulnerability has been identified by the vendor as: V-2024-030 — Exposed Internal Docker Instance (LAN).

Basic Information

ID CVE-2025-34218

Source VulnCheck

Published Sep 29, 2025 at 20:34

Affected Product

Vendor Vasion

Product Print Virtual Appliance Host

Version *

Affected Versions Vasion Print Virtual Appliance Host *
Vasion Print Application *

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049\u00a0and Application prior to version 20.0.2786\u00a0(VA/SaaS deployments)\u00a0expose internal Docker containers through the gw\u00a0Docker instance.  The gateway publishes a /meta endpoint\u00a0which lists every micro\u2011service container together with version information.\u00a0These containers are reachable directly over HTTP/HTTPS\u00a0without any access\u2011control list (ACL), authentication or rate\u2011limiting.\u00a0Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial\u2011of\u2011service of the entire appliance.\u00a0The root cause is the absence of authentication and network\u2011level restrictions on the API\u2011gateway\u2019s proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface.\u00a0This vulnerability has been identified by the vendor as: V-2024-030 \u2014 Exposed Internal Docker Instance (LAN).",
    "published": "2025-09-29T20:34:23.512Z",
    "modified": "2025-09-29T20:34:23.512Z",
    "type": "cve",
    "title": "Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance",
    "source": "VulnCheck",
    "references": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-exposed-docker-instances\nhttps://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm\nhttps://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm\nhttps://www.vulncheck.com/advisories/vasion-print-printerlogic-exposed-internal-docker-instance",
    "id": "CVE-2025-34218",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Vasion Print Virtual Appliance Host *\nVasion Print Application *",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Print Virtual Appliance Host",
    "version": "*",
    "vendor": "Vasion",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}