CVE-2025-34228

HIGH

Vasion Print Virtual Appliance < 25.1.102 - Unauthenticated SSRF via Lexmark Update Script

Title source: llm

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the internet without any authentication. The PHP script builds URLs from user‑controlled values and then invokes either 'curl_exec()` or `file_get_contents()` without proper validation. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

References (4)

Core 4

Core References

Exploit, Third Party Advisory technical-description

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-ssrf-04

Vendor Advisory vendor-advisory patch

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Vendor Advisory vendor-advisory patch

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/vasion-print-printerlogic-ssrf-via-lexmark-update-php-script

Scores

CVSS v3 8.6

EPSS 0.0075

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-306 CWE-918

Status published

Products (4)

Vasion/Print Application < 25.1.1413

Vasion/Print Virtual Appliance Host < 25.1.102

vasion/virtual_appliance_application < 25.1.1413

vasion/virtual_appliance_host < 25.1.102

Published Sep 29, 2025

Tracked Since Feb 18, 2026