CVE-2025-34231

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102and Application prior to version 25.1.1413(VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup.php' script is reachable from the Internet without any authentication and builds URLs from usercontrolled parameters before invoking either the custom processCurl() function or PHPs file_get_contents(); in both cases the hostname/URL is taken directly from the request with no whitelist, scheme restriction, IPrange validation, or outboundnetwork filtering. Consequently, any unauthenticated attacker can force the server to issue arbitrary HTTP requests to internal resources. This enables internal network reconnaissance, credential leakage, pivoting, and data exfiltration.This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
vasionvirtual_appliance_application
𝑥
< 25.1.1413
vasionvirtual_appliance_host
𝑥
< 25.1.102
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-07
https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-hp-badgesetup-php-script
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-07