CVE-2025-34192
Published: 19 September 2025
Summary
CVE-2025-34192 is a critical-severity Use of Unmaintained Third Party Components (CWE-1104) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 31.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prohibits the use of unsupported system components like the end-of-life OpenSSL 1.0.2h-fips library and requires their identification and replacement.
Mandates timely identification, reporting, and correction of flaws, including upgrading affected Vasion Print products to versions with supported OpenSSL libraries.
Provides vulnerability scanning to identify systems using the outdated OpenSSL library exposed to unpatched vulnerabilities.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Outdated, end-of-life OpenSSL 1.0.2h exposes daemons in Virtual Appliance Host and macOS/Linux clients to known unpatched vulnerabilities in TLS/SSL processing and cryptography, enabling remote exploitation of public-facing applications (T1190), client software (T1203), remote services (T1210), and facilitating adversary-in-the-middle attacks (T1557).
NVD Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations. This vulnerability has been identified by the vendor as: V-2023-021 — Out-of-Date OpenSSL Library.
Deeper analysis
CVE-2025-34192 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from the use of an outdated OpenSSL 1.0.2h-fips library, released in May 2016 and end-of-life since 2019, in Vasion Print (formerly PrinterLogic) products. It affects Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 used in macOS/Linux client deployments. The unsupported library exposes deployments to known, unpatched vulnerabilities, weakening security posture through flaws in TLS/SSL processing and cryptographic operations; affected daemons may emit deprecation warnings. The issue maps to CWE-1104 (Use of Unmaintained Third Party Components) and carries vendor identifier V-2023-021 — Out-of-Date OpenSSL Library.
Per the CVSS vector, the weaknesses in the outdated OpenSSL components are reachable remotely with low attack complexity and require neither privileges nor user interaction. Successful exploitation could have a high impact on confidentiality, integrity, and availability, potentially compromising cryptographic operations or TLS/SSL handshakes in affected daemons.
Vendor security bulletins published by PrinterLogic (now Vasion) detail mitigation, available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm and https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm. Additional analysis from VulnCheck (https://www.vulncheck.com/advisories/vasion-print-printerlogic-usage-of-outdated-and-unsupported-openssl-version) and researcher Pierre Kim (https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-outdated-openssl) highlight the need to upgrade to supported versions incorporating maintained OpenSSL libraries.
This vulnerability was disclosed as part of a broader set of 83 issues identified in Vasion/PrinterLogic products by Pierre Kim, underscoring risks from prolonged use of legacy cryptographic dependencies. No public evidence of real-world exploitation is noted as of the CVE publication on 2025-09-19.
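To confirm whether a host still carries the end-of-life library, the following added example (not code from the vendor, NVD or the researcher) searches file contents for the version banner that OpenSSL builds embed and flags the 1.0.2 branch named in this advisory. The function names, the sample bytes and the contents of EOL_BRANCHES are assumptions made for illustration.

```python
import re
from pathlib import Path

# Banner that OpenSSL builds embed in libcrypto and in statically linked
# binaries, e.g. b"OpenSSL 1.0.2h-fips  3 May 2016".
BANNER = re.compile(
    rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)(-fips)? +\d{1,2} [A-Z][a-z]{2} \d{4}")

# Versions treated as unsupported. (1, 0, 2) comes from the advisory; the
# trailing letter (h) is the patch level. Extend to match local policy.
EOL_BRANCHES = {(1, 0, 2)}


def find_banners(blob: bytes):
    """Return the distinct OpenSSL version banners embedded in a byte string."""
    found = []
    for m in BANNER.finditer(blob):
        version = tuple(int(m.group(i)) for i in (1, 2, 3))
        item = {
            "banner": m.group(0).decode("ascii"),
            "version": version,
            "letter": m.group(4).decode("ascii"),
            "fips": m.group(5) is not None,
            "eol": version in EOL_BRANCHES,
        }
        if item not in found:
            found.append(item)
    return found


def scan_tree(root):
    """Map each regular file under root to the EOL banners it contains."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        eol = [b for b in find_banners(data) if b["eol"]]
        if eol:
            hits[str(path)] = eol
    return hits


# Constructed sample shaped like a binary's string table, not a real file.
SAMPLE = (b"\x7fELF\x00junk\x00OpenSSL 1.0.2h-fips  3 May 2016\x00"
          b"pad\x00OpenSSL 3.0.13 30 Jan 2024\x00")

if __name__ == "__main__":
    for b in find_banners(SAMPLE):
        print(("EOL  " if b["eol"] else "ok   ") + b["banner"])
```

A banner match shows the library is present on disk, not that a running daemon has loaded it; treat hits as an inventory finding to verify against the product version thresholds given above.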
Details
- CWE(s)