43 matches found
CVE-2025-34203
Vasion Print Virtual Appliance Host <22.0.1002 and Vasion Print Application
CVE-2025-34211
Vasion Print Virtual Appliance Host (pre-22.0.1049) and Application (pre-20.0.2786) store a private SSL key and its public certificate in cleartext, using the same pl-local.com key across all deployments. With container access, an attacker can read the key to decrypt TLS traffic, perform MITM, or...
CVE-2025-34234
Summary: CVE-2025-34234 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413. Two hardcoded private keys are shipped inside application containers (printerlogic/pi, printerlogic/printer-admin-api, printercloud/pi) and stored in p...
CVE-2025-34190
Vasion Print (PrinterLogic) PrinterInstallerClientService is affected by an authentication bypass through LD_PRELOAD hooking of geteuid, enabling local privilege escalation. Affected versions include Virtual Appliance Host prior to 25.1.102 and Application (macOS/Linux client deployments) prior t...
CVE-2025-34192
CVE-2025-34192 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host < 22.0.893 and Application
CVE-2025-34194
Vasion Print (PrinterLogic) Virtual Appliance Host (pre-25.1.102) and Windows client deployments (pre-25.1.1413) are affected by an insecure temporary-file handling issue in the PrinterInstallerClient component. The software creates files as NT AUTHORITY\SYSTEM inside a user-controlled Temp path ...
CVE-2025-34224
Vasion Print (formerly PrinterLogic) Virtual Appliance Host (VA) and Application (VA/SaaS deployments) are affected. Prior to versions 22.0.1049 (Host) and 20.0.2786 (Application) expose PHP scripts under the console_release directory without authentication. An unauthenticated attacker can invoke...
CVE-2025-34202
CVE-2025-34202 affects Vasion Print (Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518). The issue stems from exposing Docker internal networks, enabling an attacker on the same external L2 segment or one who can route via the appliance to reach container IPs directly. T...
CVE-2025-34204
Summary: CVE-2025-34204 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments). Multiple Docker containers run core processes (e.g., PHP workers, Node.js servers, custom binaries) as root, increasing blast radius if a container is breached an...
CVE-2025-34225
Vasion Print (PrinterLogic) Virtual Appliance Host before 25.1.102 and Application before 25.1.1413 suffer SSRF via an unauthenticated console_release directory. Dozens of PHP scripts build URLs from user-controlled input and invoke curl_exec() or file_get_contents() without sufficient validation...
CVE-2025-34191
Vulnerability CVE-2025-34191 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Vasion Print Application versions prior to 20.0.1923 (macOS/Linux client deployments). The issue is an arbitrary file write via response file handling: tasks write respo...
CVE-2025-34201
The CVE-2025-34201 entry concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application used in VA/SaaS deployments. It states that Docker containers are run on shared internal networks without firewalling or segmentation between instances, so a compromise of any single cont...
CVE-2025-34205
Vusion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.843 and Application prior to 20.0.1923 contain dangerous PHP dead code. The file /var/www/app/resetroot.php lacks authentication, enabling an attacker to reset the MySQL root password and gain full database control; separat...
CVE-2025-34229
Vulsion: Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.1.102 and Application prior to 25.1.1413 contain a blind SSRF via /var/www/app/console_release/hp/installApp.php. An unauthenticated attacker can cause the system to request internal host addresses (built as http://:...
CVE-2025-34189
Vasion Print Virtual Appliance Host <1.0.735 and Vasion Print Application
CVE-2025-34199
Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786) expose insecure TLS usage due to disabling verification. Specifically, the code disables CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER and uses environment variables (e.g., API_*_VERIFYSSL=false) ...
CVE-2025-34209
Vusion Print (formerly PrinterLogic) VAs/VAaaS are affected: Docker images for Virtual Appliance Host <22.0.862 and Application
CVE-2025-34218
Vasion Print Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 expose internal Docker containers via the gw Docker instance. The gateway’s /meta endpoint lists micro‑services and versions, and the containers are reachable over HTTP/HTTPS without ACLs, authentication, or...
CVE-2025-34220
Vasion Print (VA and SaaS) is affected by CVE-2025-34220 due to an unauthenticated /api-gateway/identity/search-groups endpoint. The issue allows enumeration of group objects for a tenant, exposing fields such as group IDs, source service IDs, Azure AD object IDs, creation timestamps, and tenant ...
CVE-2025-34188
CVE-2025-34188 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 1.0.735 and Vasion Print Application prior to 20.0.1330 (macOS/Linux deployments). The root cause is a vulnerability in the local logging mechanism that stores authentication session tokens (PHPSESSID, XSR...
CVE-2025-34195
The CVE-2025-34195 entry describes a remote code execution in Vasion Print (formerly PrinterLogic) Virtual Appliance Host (versions prior to 1.0.735) and Vasion Print Application (Windows client deployments prior to 20.0.1330) caused by unquoted program paths during driver installation. The Print...
CVE-2025-34206
The CVE-2025-34206 entry concerns Vasion Print (PrinterLogic) Virtual Appliance Host and Application. It describes overly-permissive permissions on host files mounted into multiple Docker containers under /var/www/efs_storage, enabling access to secrets.env, GPG-encrypted blobs, MySQL client keys...
CVE-2025-34215
CVE-2025-34215 : Vasion Print (formerly PrinterLogic) Virtual Appliance Host before 22.0.1026 and Application before 20.0.2702 expose an unauthenticated firmware-upload flow. A public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private G...
CVE-2025-34217
CVE-2025-34217 concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments). The advisory documents an undocumented local user named printerlogic with a hardcoded SSH public key stored in ~/.ssh/authorized_keys and a sudoers rule giving the printerlog...
CVE-2025-34223
CVE-2025-34223 affects Vasion Print Virtual Appliance Host (pre-22.0.1049) and Vasion Print Application (pre-20.0.2786). An unauthenticated attacker can reach an installation-time endpoint at /admin/query/update_database.php, submit arbitrary root_user/root_password values, and replace the defaul...
CVE-2025-34193
Vasion Print (formerly PrinterLogic) Windows client components PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, and PrinterInstallerClientLauncher.exe in Virtual Appliance Host and Application versions prior to 25.1.102 / 25.1.1413 lack modern memory-safety mitigations (DEP, ASLR,...
CVE-2025-34197
CVE-2025-34197 affects Vasion Print Virtual Appliance Host < 22.0.951 and Vasion Print Application
CVE-2025-34198
CVE-2025-34198 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application where versions before 22.0.951 (Host) and 20.0.2368 (Application) include shared, hardcoded SSH host private keys (RSA, ECDSA, ED25519) embedded in the appliance image. Because the same keys are use...
CVE-2025-34200
Affected software: Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments). Vulnerability details: Credentials for the network account are stored in plaintext in the /etc/issue file and the file is world-readable by default. An attacker with local she...
CVE-2025-34232
Vasion Print (formerly PrinterLogic) Virtual Appliance Host is affected up to version 25.1.102 and the Application up to 25.1.1413 in VA/SaaS deployments. A blind SSRF is reachable via /var/www/app/console_release/lexmark/dellCheck.php; when a printer is registered, the hostname is stored in $pri...
CVE-2025-34196
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 contain a hardcoded private key for the PrinterLogic CA and a hardcoded password in configuration files. The Windows client ships the CA certificate and private key (and other...
CVE-2025-34207
Vasion Print (Virtual Appliance Host and Application) before versions 22.0.1049 and 20.0.2786 respectively use insecure SSH client settings in Docker: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. This disables host key verification and forwards the SSH agent, enab...
CVE-2025-34222
Vasion Print (formerly PrinterLogic) Vulnerability CVE-2025-34222 affects Virtual Appliance Host before 22.0.1049 and Application before 20.0.2786 (VA/SaaS). The issue stems from four unauthenticated admin routes exposed in the printercloud/pi Docker container (routes: /admin/hp/cert_upload, /adm...
CVE-2025-34216
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1026 and Application prior to 20.0.2702 expose unauthenticated REST endpoints that return configuration files and clear-text passwords, and disclose the Laravel APP_KEY. Without the APP_KEY, crafted requests cannot be signe...
CVE-2025-34221
Vasion Print (PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 expose internal Docker containers to the network due to firewall rules allowing unrestricted traffic on the Docker bridge. No authentication/ACL or client identifier is required, enabling unaut...
CVE-2025-34228
Vasion Print (formerly PrinterLogic) SSRF in VA/VA SaaS before 25.1.102 (Host) and before 25.1.1413 (Application). The issue arises from unauthenticated access to /var/www/app/console_release/lexmark/update.php, which builds URLs from user-controlled values and forwards requests via curl_exec() o...
CVE-2025-34208
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS) uses unsalted SHA-512 and, fallback unsalted SHA-1, for password hashing via PHP hash() in multiple files (server_write_requests_users.php, update_database.php, legacy/Login.php, tests/Unit/Api/IdpControllerTest...
CVE-2025-34212
CVE-2025-34212 involves Vasion Print (Virtual Appliance Host and App) with CI/CD weaknesses in VA/SaaS deployments prior to versions 22.0.843 and 20.0.1923. The build process pulls an unverified third‑party image, downloads the VirtualBox Extension Pack over HTTP without signature validation, and...
CVE-2025-34230
Vasion Print (PrinterLogic) SSRF (CVE-2025-34230): In VA/VA-SaaS, the Host before 25.1.102 and the Application before 25.1.1413 accept a printer hostname from the printer’s address, store it in $printer_vo->str_host_address, and later request http://:80/DevMgmt/DiscoveryTree.xml via curl witho...
CVE-2025-34231
Vulation Print (PrinterLogic) SSRF vulnerability CVE-2025-34231 affects Vasion Print Virtual Appliance Host <25.1.102 and Application
CVE-2025-34233
Vasion Print (formerly PrinterLogic) Virtual Appliance Host before 25.1.102 and Application before 25.1.1413 are affected by a protection mechanism failure in the file_get_contents()/CURL usage. When an administrator configures a printer hostname (or similar callback field), the value is passed u...
CVE-2025-34235
Vasion Print (formerly PrinterLogic) Virtual Appliance Host (versions before 25.1.102) and Application (Windows clients before 25.1.1413) contain a registry key that enables skipping SSL/TLS certificate validation. An attacker intercepting HTTPS traffic can inject malicious driver DLLs, enabling ...
CVE-2025-34210
The CVE concerns Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SAAS deployments). The connected sources confirm that sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password, etc.) are stored in cleartext files that are ...