CVE-2025-34231

29.09.2025, 21:15

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102and Application prior to version 25.1.1413(VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup.php' script is reachable from the Internet without any authentication and builds URLs from usercontrolled parameters before invoking either the custom processCurl() function or PHPs file_get_contents(); in both cases the hostname/URL is taken directly from the request with no whitelist, scheme restriction, IPrange validation, or outboundnetwork filtering. Consequently, any unauthenticated attacker can force the server to issue arbitrary HTTP requests to internal resources. This enables internal network reconnaissance, credential leakage, pivoting, and data exfiltration.This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-306 - Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-07

https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-hp-badgesetup-php-script