CVE-2025-34224

CRITICAL

Vasion Print Virtual Appliance Host < 22.0.1049 and Application < 20.0.2786 - Unauthenticated Device Modification

Title source: llm

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated remote attacker can invoke these endpoints to re‑configure networked printers, add or delete RFID badge devices, or otherwise modify device settings. This vulnerability has been identified by the vendor as: V-2024-029 — No Authentication to Modify Devices.

Scores

CVSS v3: 9.1
EPSS: 0.0092
EPSS Percentile: 55.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-306
Status: published
Products (4):
Vasion/Print Application < 20.0.2786
Vasion/Print Virtual Appliance Host < 22.0.1049
vasion/virtual_appliance_application < 20.0.2786
vasion/virtual_appliance_host < 22.0.1049
Published: Sep 29, 2025
Tracked Since: Feb 18, 2026