CVE-2025-34202

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-34202
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a gateway — to reach container IPs directly. This grants access to internal services (HTTP APIs, Redis, MySQL, etc.) that are intended to be isolated inside the container network. Many of those services are accessible without authentication or are vulnerable to known exploitation chains. As a result, compromise of a single reachable endpoint or basic network access can enable lateral movement, remote code execution, data exfiltration, and full system compromise.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-access-docker-instances-from-wan Exploit Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-access-to-docker-instances-wan Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*
History

24 Sep 2025, 19:19

Type Values Removed Values Added
First Time Vasion virtual Appliance Host
Vasion virtual Appliance Application
Vasion
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
References () https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - () https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - Vendor Advisory
References () https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - () https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - Vendor Advisory
References () https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-access-docker-instances-from-wan - () https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-access-docker-instances-from-wan - Exploit, Third Party Advisory
References () https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-access-to-docker-instances-wan - () https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-access-to-docker-instances-wan - Third Party Advisory
CPE cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*
cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*

19 Sep 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-19 19:15

Updated : 2025-09-24 19:19

NVD link : CVE-2025-34202

Mitre link : CVE-2025-34202

CVE.ORG link : CVE-2025-34202

JSON object : View

Products Affected

vasion

  • virtual_appliance_application
  • virtual_appliance_host
CWE
CWE-291

Reliance on IP Address for Authentication