CVE-2025-34230
29.09.2025, 21:15
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/log_off_single_sign_on.php script that can be exploited by an unauthenticated user. When a printer is registered, the software stores the printers host name in the variable$printer_vo->str_host_address. The code later builds a URL like 'http://<hostaddress>:80/DevMgmt/DiscoveryTree.xml' and sends the request with curl. No validation, whitelist, or privatenetwork filtering is performed before the request is made.Because the request is blind, an attacker cannot see the data directly, but can still: probe internal services, trigger internal actions, or gather other intelligence. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
| Vendor | Product | Version |
|---|---|---|
| vasion | virtual_appliance_application | 𝑥 < 25.1.1413 |
| vasion | virtual_appliance_host | 𝑥 < 25.1.102 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
- CWE-918 - Server-Side Request Forgery (SSRF)The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
References