CVE-2025-34222

🗓️ 29 Sep 2025 20:41:52Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 16 Views🌐 WEB

Unauthenticated admin APIs in Vasion Print allow TLS certificate upload and deletion.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2025-34222	29 Sep 202520:41	–	attackerkb
CNNVD	Vasion Print Virtual Appliance Host 安全漏洞	29 Sep 202500:00	–	cnnvd
Cvelist	CVE-2025-34222 Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates	29 Sep 202520:41	–	cvelist
EUVD	EUVD-2025-31628	3 Oct 202520:07	–	euvd
NVD	CVE-2025-34222	29 Sep 202521:15	–	nvd
Positive Technologies	PT-2025-39887	29 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34222	30 Sep 202520:56	–	redhatcve
Vulnrichment	CVE-2025-34222 Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates	29 Sep 202520:41	–	vulnrichment

NVD

Vulners

CNA

Node

vasion virtual_appliance_applicationRange<20.0.2786

vasion virtual_appliance_hostRange<22.0.1049

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "/admin/hp/cert_upload",
      "/admin/hp/cert_delete",
      "/admin/certs/ca",
      "/admin/certs/serviceclients/{scid}"
    ],
    "product": "Print Virtual Appliance Host",
    "vendor": "Vasion",
    "versions": [
      {
        "lessThan": "22.0.1049",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "/admin/hp/cert_upload",
      "/admin/hp/cert_delete",
      "/admin/certs/ca",
      "/admin/certs/serviceclients/{scid}"
    ],
    "product": "Print Application",
    "vendor": "Vasion",
    "versions": [
      {
        "lessThan": "20.0.2786",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
help	www.help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
vulncheck	www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-admin-apis-used-to-modify-ssl-certs
pierrekim	www.pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html
help	www.help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Parameter	Position	Path	Description	CWE
certificate_data	path	/admin/hp/cert_upload	Unauthenticated certificate upload endpoint allowing replacement of trusted root certificates.	CWE-306, CWE-434
certificate_id	path	/admin/hp/cert_delete	Unauthenticated certificate delete endpoint enabling removal of trusted certificates.	CWE-306, CWE-434
ca_certificate_id	path	/admin/certs/ca	Unauthenticated access to CA certificates, enabling exposure of stored CA certs.	CWE-306, CWE-434
download or access	path	/admin/certs/ca	Unauthenticated access to CA certificates, enabling exposure of stored CA certs.	CWE-306, CWE-434
scid	path	/admin/certs/serviceclients/{scid}	Unauthenticated access to service client certificates (IDOR via serviceclients IDs) allowing enumeration/download of client certs.	CWE-306, CWE-434

17 Jun 2026 09:13Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.19.1

CVSS 410

EPSS0.00494

SSVC