CVE-2025-34218

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049and Application prior to version 20.0.2786(VA/SaaS deployments)expose internal Docker containers through the gwDocker instance.  The gateway publishes a /meta endpointwhich lists every microservice container together with version information.These containers are reachable directly over HTTP/HTTPSwithout any accesscontrol list (ACL), authentication or ratelimiting.Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denialofservice of the entire appliance.The root cause is the absence of authentication and networklevel restrictions on the APIgateways proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface.This vulnerability has been identified by the vendor as: V-2024-030  Exposed Internal Docker Instance (LAN).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-exposed-docker-instances
https://www.vulncheck.com/advisories/vasion-print-printerlogic-exposed-internal-docker-instance