CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34228

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the internet without any authentication. The PHP script builds URLs from user‑controlled values and then invokes either 'curl_exec()` or `file_get_contents()` without proper validation. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.2%

CVSS Severity

CVSS v3 Score 8.6

References

Products affected by CVE-2025-34228

Vasion » Virtual Appliance Application » Version: 20.0.1099

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1099
Vasion » Virtual Appliance Application » Version: 20.0.1181

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1181
Vasion » Virtual Appliance Application » Version: 20.0.1285

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1285
Vasion » Virtual Appliance Application » Version: 20.0.1305

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1305
Vasion » Virtual Appliance Application » Version: 20.0.1330

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1330
Vasion » Virtual Appliance Application » Version: 20.0.1380

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1380
Vasion » Virtual Appliance Application » Version: 20.0.1442

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1442
Vasion » Virtual Appliance Application » Version: 20.0.1480

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1480
Vasion » Virtual Appliance Application » Version: 20.0.1510

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1510
Vasion » Virtual Appliance Application » Version: 20.0.1533

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1533
Vasion » Virtual Appliance Application » Version: 20.0.1582

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1582
Vasion » Virtual Appliance Application » Version: 20.0.1682

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1682
Vasion » Virtual Appliance Application » Version: 20.0.1708

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1708
Vasion » Virtual Appliance Application » Version: 20.0.1766

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1766
Vasion » Virtual Appliance Application » Version: 20.0.1923

cpe:2.3:a:vasion:virtual_appliance_application:20.0.1923
Vasion » Virtual Appliance Application » Version: 20.0.2014

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2014
Vasion » Virtual Appliance Application » Version: 20.0.2140

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2140
Vasion » Virtual Appliance Application » Version: 20.0.2253

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2253
Vasion » Virtual Appliance Application » Version: 20.0.2368

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2368
Vasion » Virtual Appliance Application » Version: 20.0.2489

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2489
Vasion » Virtual Appliance Application » Version: 20.0.2592

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2592
Vasion » Virtual Appliance Application » Version: 20.0.2614

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2614
Vasion » Virtual Appliance Application » Version: 20.0.2702

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2702
Vasion » Virtual Appliance Application » Version: 20.0.2786

cpe:2.3:a:vasion:virtual_appliance_application:20.0.2786
Vasion » Virtual Appliance Application » Version: 20.0.671

cpe:2.3:a:vasion:virtual_appliance_application:20.0.671
Vasion » Virtual Appliance Application » Version: 20.0.674

cpe:2.3:a:vasion:virtual_appliance_application:20.0.674
Vasion » Virtual Appliance Application » Version: 20.0.693

cpe:2.3:a:vasion:virtual_appliance_application:20.0.693
Vasion » Virtual Appliance Application » Version: 20.0.756

cpe:2.3:a:vasion:virtual_appliance_application:20.0.756
Vasion » Virtual Appliance Application » Version: 20.0.795

cpe:2.3:a:vasion:virtual_appliance_application:20.0.795
Vasion » Virtual Appliance Application » Version: 20.0.846

cpe:2.3:a:vasion:virtual_appliance_application:20.0.846
Vasion » Virtual Appliance Host » Version: 1.0.541

cpe:2.3:a:vasion:virtual_appliance_host:1.0.541
Vasion » Virtual Appliance Host » Version: 1.0.543

cpe:2.3:a:vasion:virtual_appliance_host:1.0.543
Vasion » Virtual Appliance Host » Version: 1.0.581

cpe:2.3:a:vasion:virtual_appliance_host:1.0.581
Vasion » Virtual Appliance Host » Version: 1.0.584

cpe:2.3:a:vasion:virtual_appliance_host:1.0.584
Vasion » Virtual Appliance Host » Version: 1.0.593

cpe:2.3:a:vasion:virtual_appliance_host:1.0.593
Vasion » Virtual Appliance Host » Version: 1.0.674

cpe:2.3:a:vasion:virtual_appliance_host:1.0.674
Vasion » Virtual Appliance Host » Version: 1.0.711

cpe:2.3:a:vasion:virtual_appliance_host:1.0.711
Vasion » Virtual Appliance Host » Version: 1.0.730

cpe:2.3:a:vasion:virtual_appliance_host:1.0.730
Vasion » Virtual Appliance Host » Version: 1.0.735

cpe:2.3:a:vasion:virtual_appliance_host:1.0.735
Vasion » Virtual Appliance Host » Version: 1.0.742

cpe:2.3:a:vasion:virtual_appliance_host:1.0.742
Vasion » Virtual Appliance Host » Version: 1.0.750

cpe:2.3:a:vasion:virtual_appliance_host:1.0.750
Vasion » Virtual Appliance Host » Version: 1.0.756

cpe:2.3:a:vasion:virtual_appliance_host:1.0.756
Vasion » Virtual Appliance Host » Version: 1.0.757

cpe:2.3:a:vasion:virtual_appliance_host:1.0.757
Vasion » Virtual Appliance Host » Version: 22.0.1002

cpe:2.3:a:vasion:virtual_appliance_host:22.0.1002
Vasion » Virtual Appliance Host » Version: 22.0.1026

cpe:2.3:a:vasion:virtual_appliance_host:22.0.1026
Vasion » Virtual Appliance Host » Version: 22.0.1049

cpe:2.3:a:vasion:virtual_appliance_host:22.0.1049
Vasion » Virtual Appliance Host » Version: 22.0.818

cpe:2.3:a:vasion:virtual_appliance_host:22.0.818
Vasion » Virtual Appliance Host » Version: 22.0.843

cpe:2.3:a:vasion:virtual_appliance_host:22.0.843
Vasion » Virtual Appliance Host » Version: 22.0.862

cpe:2.3:a:vasion:virtual_appliance_host:22.0.862
Vasion » Virtual Appliance Host » Version: 22.0.893

cpe:2.3:a:vasion:virtual_appliance_host:22.0.893
Vasion » Virtual Appliance Host » Version: 22.0.913

cpe:2.3:a:vasion:virtual_appliance_host:22.0.913
Vasion » Virtual Appliance Host » Version: 22.0.933

cpe:2.3:a:vasion:virtual_appliance_host:22.0.933
Vasion » Virtual Appliance Host » Version: 22.0.951

cpe:2.3:a:vasion:virtual_appliance_host:22.0.951

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-34228

Products

Pricing

Contact Us