CVE-2025-34230

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain a blind server-side request forgery SSRF vulnerability reachable via the /var/www/app/consolerelease/hp/logoffsinglesignon.php script that can...

CVE-2025-34216

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 VA deployments only expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the...

CVE-2025-34235 Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 Windows client deployments contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can...

CVE-2025-34221

Vasion Print (PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 expose internal Docker containers to the network due to firewall rules allowing unrestricted traffic on the Docker bridge. No authentication/ACL or client identifier is required, enabling unaut...

CVE-2025-34196

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 Windows client deployments contain a hardcoded private key for the PrinterLogic Certificate Authority CA and a hardcoded password in product configuration files. The Windows...

CVE-2025-34189

Vasion Print Virtual Appliance Host <1.0.735 and Vasion Print Application

CVE-2025-34199 Vasion Print (formerly PrinterLogic) Insecure SSL Verification Allows Man-in-the-Middle Attacks

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 VA and SaaS deployments contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal...

CVE-2025-34194 Vasion Print (formerly PrinterLogic) Local Privilege Escalation via Insecure Temporary File Handling

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 Windows client deployments contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT...

PT-2025-38594

Name of the Vulnerable Software and Affected Versions Vasion Print affected versions not specified Description The Vasion Print Virtual Appliance Host and Application Windows client deployments contain an insecure temporary-file handling issue in the PrinterInstallerClient components. The softwar...

CVE-2023-32231

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution...

CVE-2023-32232

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out o...

CVE-2022-32427

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client...

CVE-2021-42642

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference IDOR vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer...

CVE-2021-42633

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may allow an attacker to access additional audit records...

CVE-2021-42637

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forgery SSRF vulnerability...

CVE-2021-42639

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization...

CVE-2021-42635

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APPKEY value, leading to pre-auth remote code execution...

CVE-2021-42640

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference IDOR vulnerability that allows an unauthenticated attacker to reassign drivers for any printer...

CVE-2021-42631

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution...

CVE-2021-42641

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference IDOR vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users...