Vasion Print Application vulnerabilities
43 known vulnerabilities affecting vasion/print_application.
Total CVEs: 43
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 19, HIGH 17, MEDIUM 7
Vulnerabilities
Page 1 of 3
CVE-2025-34221 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 25.2.1518 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no authentication, ACL or client‑side identifier is requ
nvd
CVE-2025-34223 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 20.0.2786 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can reach the installation web i
nvd
CVE-2025-34205 | P2 | CRITICAL | CVSS 9.8 | CWE-561 | fixed in 20.0.1923 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contain dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php (found in several containers) lacks authentication checks and, when executed,
nvd
CVE-2025-34195 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 20.0.1330 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using an unquoted
nvd
CVE-2025-34215 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 20.0.2702 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passp
nvd
CVE-2025-34216 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 20.0.2702 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the Laravel APP_KEY used for cryptographic signing. Bec
nvd
CVE-2025-34218 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 20.0.2786 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together with version information. These container
nvd
CVE-2025-34212 | P2 | CRITICAL | CVSS 9.8 | CWE-494 | fixed in 20.0.1923 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASS
nvd
CVE-2025-34224 | P2 | CRITICAL | CVSS 9.1 | CWE-306 | fixed in 20.0.2786 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated remote attacker can invoke these endpoints to re‑configure networked printers,
nvd
CVE-2025-34193 | P2 | CRITICAL | CVSS 9.8 | CWE-755 | fixed in 25.1.1413 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components (PrinterInstallerClientInterface.exe, PrinterInstallerClient.exe, PrinterInstallerClientLauncher.exe) that lack modern compile-time and runtime exploit mitigations and rely on outdated
nvd
CVE-2025-34222 | P2 | CRITICAL | CVSS 9.1 | CWE-306 | fixed in 20.0.2786 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and /admin/certs/serviceclients/{scid} – without any authentication check. The routes are defined in the /v
nvd
CVE-2025-34192 | P2 | CRITICAL | CVSS 9.8 | CWE-1104 | fixed in 20.0.2140 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated crypt
nvd
CVE-2025-34231 | P2 | HIGH | CVSS 8.6 | CWE-306 | fixed in 25.1.1413 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The '/var/www/app/console_release/hp/badgeSetup.php' script is reachable from the Internet without any authentication and
nvd
CVE-2025-34196 | P2 | CRITICAL | CVSS 9.8 | CWE-522 | fixed in 25.1.1413 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application prior to 25.1.1413 (Windows client deployments) contain a hardcoded private key for the PrinterLogic Certificate Authority (CA) and a hardcoded password in product configuration files. The Windows client ships the CA certificate and its associate
nvd
CVE-2025-34217 | P3 | CRITICAL | CVSS 9.8 | CWE-321 | v* | 2025-09-30
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'. Possession of the matching private key gives an attacker root access to the
nvd
CVE-2025-34207 | P3 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 20.0.2786 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`, and `ForwardAgent yes`. These settings disable verification of the remot
nvd
CVE-2025-34225 | P2 | HIGH | CVSS 8.6 | CWE-306 | fixed in 25.1.1413 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet without any authentication. Inside that directory are dozens of PHP scripts tha
nvd
CVE-2025-34203 | P3 | CRITICAL | CVSS 9.8 | CWE-1395 | fixed in 20.0.2614 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components (examples: Nginx 1.17.x, OpenSSL 1.1.1d, various EOL Alpine
nvd
CVE-2025-34202 | P3 | HIGH | CVSS 8.8 | CWE-291 | fixed in 25.2.1518 | 2025-09-19
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a gateway — to reach container IPs directly. This grants ac
nvd
CVE-2025-34228 | P3 | HIGH | CVSS 8.6 | CWE-306 | fixed in 25.1.1413 | 2025-09-29
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `/var/www/app/console_release/lexmark/update.php` script is reachable from the internet without any authentication. The PHP script builds
nvd