8 matches found
CVE-2025-34230
Vasion Print (PrinterLogic) SSRF (CVE-2025-34230): In VA/VA-SaaS, the Host before 25.1.102 and the Application before 25.1.1413 accept a printer hostname from the printer’s address, store it in $printer_vo->str_host_address, and later request http://:80/DevMgmt/DiscoveryTree.xml via curl witho...
CVE-2025-34225 Vasion Print (formerly PrinterLogic) SSRF via console_release Directory
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a server-side request forgery SSRF vulnerability. The consolerelease directory is reachable from the internet without any authentication. Insi...
CVE-2025-34232
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/lexmark/dellCheck.php script that can be...
CVE-2025-34190
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 macOS/Linux client deployments are vulnerable to an authentication bypass in PrinterInstallerClientService. The service requires root privileges for certain...
CVE-2025-34189 Vasion Print (formerly PrinterLogic) Insecure Inter-Process Communication Allows Local Session Hijacking
Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 macOS/Linux client deployments contain a vulnerability in the local inter-process communication IPC mechanism. The software stores IPC request and response files inside...
CVE-2025-34201 Vasion Print (formerly PrinterLogic) Lack of Network Segmentation Between Docker Instances
Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA and SaaS deployments run many Docker containers on shared internal networks without firewalling or segmentation between instances. A compromise of any single container allows direct access to internal services HTTP, Redi...
CVE-2025-27674
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Hardcoded IdP Key V-2023-006...
CVE-2025-27667
Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumeration OVE-20230524-0011...