CVE-2025-34203
Published: 19 September 2025
Summary
CVE-2025-34203 is a critical-severity vulnerability of unspecified weakness type in Vasion Virtual Appliance Application. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 38.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prohibits the use of unsupported and end-of-life system components such as EOL Nginx, OpenSSL, Alpine/Debian/Ubuntu images, and Laravel/PHP libraries in the Docker containers.
Requires timely identification, reporting, and correction of flaws in outdated third-party components through patching or upgrades, as recommended by the vendor to versions 22.0.1002 and 20.0.2614.
Enables vulnerability scanning and monitoring to identify outdated and vulnerable dependencies like Nginx 1.17.x and EOL Laravel versions across multiple Docker containers.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Outdated and vulnerable third-party components (Nginx 1.17.x, OpenSSL 1.1.1d, EOL Laravel/PHP libraries, EOL base images) in exposed Docker containers enable exploitation of public-facing applications and remote services for initial access or lateral movement.
NVD Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components (examples: Nginx 1.17.x, OpenSSL 1.1.1d, various EOL Alpine/Debian/Ubuntu base images, and EOL Laravel/PHP libraries). These components are present across many container images and increase the product's attack surface, enabling exploitation chains when leveraged by an attacker. Multiple distinct EOL versions and unpatched libraries across containers; Nginx binaries date from 2019 in several images and Laravel versions observed include EOL releases (for example Laravel 5.5.x, 5.7.x, 5.8.x). This vulnerability has been identified by the vendor as: V-2024-014 — Outdated Dependencies.
Deeper analysis
CVE-2025-34203 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 across VA and SaaS deployments. The vulnerability stems from multiple Docker containers that incorporate outdated, end-of-life, unsupported, or otherwise vulnerable third-party components, including Nginx 1.17.x, OpenSSL 1.1.1d, various EOL Alpine/Debian/Ubuntu base images, and EOL Laravel/PHP libraries such as Laravel 5.5.x, 5.7.x, and 5.8.x. Nginx binaries in several images date back to 2019, with multiple distinct EOL versions and unpatched libraries present across many container images. The vendor designates this as V-2024-014 – Outdated Dependencies, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Remote unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction. The presence of these vulnerable components across containers increases the attack surface, enabling attackers to chain exploits targeting the outdated dependencies for high impacts on confidentiality, integrity, and availability.
Vendor security bulletins for SaaS and VA deployments detail mitigation steps, recommending upgrades to Virtual Appliance Host version 22.0.1002 or later and Application version 20.0.2614 or later to remediate the outdated components. Further analysis appears in advisories from VulnCheck and researcher Pierre Kim's report on 83 vulnerabilities in Vasion/PrinterLogic products.
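A defender-side inventory check for the component versions this advisory names, as an added example that is not vendor or researcher code: it parses captured `nginx -v` and `openssl version` banners and a `composer.lock` file and flags matches. The function names, image name and sample inputs are constructed assumptions, and the flagged list covers only the example versions named on this page, not every EOL component.

```python
import json
import re

# Only the example versions named in the advisory text; not a complete EOL list.
FLAGGED = {
    "nginx": re.compile(r"^1\.17\.\d+$"),
    "openssl": re.compile(r"^1\.1\.1d$"),
    "laravel/framework": re.compile(r"^5\.(5|7|8)\.\d+$"),
}

# Banner formats printed by `nginx -v` and `openssl version`.
BANNERS = {
    "nginx": re.compile(r"nginx version: nginx/(\S+)"),
    "openssl": re.compile(r"^OpenSSL (\S+)", re.M),
}


def versions_from_banners(text):
    """Extract (component, version) pairs from captured version banners."""
    found = []
    for name, pattern in BANNERS.items():
        found += [(name, v) for v in pattern.findall(text)]
    return found


def versions_from_composer_lock(lock_text):
    """Extract (package, version) pairs from a composer.lock document."""
    lock = json.loads(lock_text)
    pkgs = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    return [(p["name"], p["version"].lstrip("v")) for p in pkgs]


def audit(image, banners="", composer_lock=None):
    """Return findings for one container image as (image, component, version)."""
    seen = versions_from_banners(banners)
    if composer_lock:
        seen += versions_from_composer_lock(composer_lock)
    return [(image, n, v) for n, v in seen
            if n in FLAGGED and FLAGGED[n].match(v)]


# Constructed sample inventory (hypothetical image name and outputs).
SAMPLE_BANNERS = "nginx version: nginx/1.17.4\nOpenSSL 1.1.1d  10 Sep 2019\n"
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v5.8.38"},
    {"name": "monolog/monolog", "version": "1.25.1"}]})

if __name__ == "__main__":
    for finding in audit("example/web:latest", SAMPLE_BANNERS, SAMPLE_LOCK):
        print(finding)
```

An empty result means only that none of the versions named here were seen in the supplied inventory; the fix the advisory gives remains upgrading to the listed Host and Application versions.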
Details
- CWE(s)