CVE-2025-34220
MEDIUMVasion Print Virtual Appliance Host < 25.1.102 and Application < 25.1.1413 - Unauthenticated Group Enumeration
Title source: llmDescription
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to https://<tenant>.printercloud10.com/api-gateway/identity/search-groups and adjustments to the `Host` header allow an unauthenticated remote attacker to enumerate every group object stored for that tenant. The response includes internal identifiers (group ID, source service ID, Azure AD object IDs, creation timestamps, and tenant IDs). This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
References (4)
Core 4
Core References
Exploit, Third Party Advisory technical-description
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-api-leak
Vendor Advisory vendor-advisory
patch
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
Vendor Advisory vendor-advisory
patch
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-api-leaks-group-info
Scores
CVSS v3
5.3
EPSS
0.0066
EPSS Percentile
46.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-306
CWE-200
Status
published
Products (4)
Vasion/Print Application
< 25.1.1413
Vasion/Print Virtual Appliance Host
< 25.1.102
vasion/virtual_appliance_application
< 25.1.1413
vasion/virtual_appliance_host
< 25.1.102
Published
Sep 29, 2025
Tracked Since
Feb 18, 2026