CVE-2025-34229

29.09.2025, 21:15

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102and Application prior to version 25.1.1413(VA/SaaS deployments) contain ablind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/installApp.php script that can be exploited by an unauthenticated user. When a printer is registered, the software stores the printers host name in the variable$printer_vo->str_host_address. The code later builds a URL like 'http://<hostaddress>:80/DevMgmt/DiscoveryTree.xml' and sends the request with curl. No validation, whitelist, or privatenetwork filtering is performed before the request is made.Because the request is blind, an attacker cannot see the data directly, but can still: probe internal services, trigger internal actions, or gather other intelligence. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-05

https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-hp-update-php-script