CVE-2025-34202
Published: 19 September 2025
Summary
CVE-2025-34202 is a high-severity Reliance on IP Address for Authentication (CWE-291) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046); ranked in the top 33.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-41 (Port and I/O Device Access).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Monitors and controls communications at external and internal boundaries to prevent unauthorized L2 or routed access to exposed Docker container IPs and internal services.
Enforces information flow control policies to isolate Docker internal networks from external segments, blocking direct reach to containerized services like HTTP APIs, Redis, and MySQL.
Restricts ports, protocols, and services at managed interfaces to authorized ones only, mitigating exposure of unauthenticated or vulnerable internal container services.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Exposure of internal Docker container networks and unauthenticated/vulnerable services (HTTP APIs, Redis, MySQL) enables network service discovery, exploitation of remote services for RCE, and lateral movement via remote service access.
NVD Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker…
more
able to add routes using the appliance as a gateway — to reach container IPs directly. This grants access to internal services (HTTP APIs, Redis, MySQL, etc.) that are intended to be isolated inside the container network. Many of those services are accessible without authentication or are vulnerable to known exploitation chains. As a result, compromise of a single reachable endpoint or basic network access can enable lateral movement, remote code execution, data exfiltration, and full system compromise. This vulnerability has been identified by the vendor as: V-2025-003 — Insecure Access to Docker Instance from WAN.
Deeper analysisAI
CVE-2025-34202 is a vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to 25.2.1518, affecting both VA and SaaS deployments. It stems from the exposure of Docker internal networks, enabling direct access to container IPs by attackers on the same external L2 segment or those able to add routes using the appliance as a gateway. This bypasses intended isolation of internal services, including HTTP APIs, Redis, and MySQL, many of which lack authentication or are susceptible to known exploitation chains. The issue is classified under CWE-291 with a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and has been designated by the vendor as V-2025-003 — Insecure Access to Docker Instance from WAN.
Exploitation requires adjacent network access but no privileges or user interaction. An attacker with L2 proximity or routing control through the appliance can reach containerized services directly, leveraging unauthenticated endpoints or chained vulnerabilities to achieve lateral movement, remote code execution, data exfiltration, and full system compromise. Even basic network access to a single reachable endpoint suffices for escalation.
Vendor security bulletins for SaaS and VA deployments detail mitigations, available at https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm and https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm. Additional analysis appears in VulnCheck's advisory at https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-access-to-docker-instances-wan and researcher Pierre Kim's report at https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-access-docker-instances-from-wan.
Details
- CWE(s)