CVE-2025-34215
Published: 29 September 2025
Summary
CVE-2025-34215 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 9.4 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-14 (Signed Components).
Deeper analysis
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 expose an unauthenticated firmware-upload flow in VA deployments. A public page returns a signed token that can be used at the va-api/v1/update endpoint, while every Docker image ships with the appliance’s private GPG key and a hard-coded passphrase. The issue is tracked by the vendor as V-2024-020 and is associated with CWE-306 and CWE-321.
An attacker with network access can retrieve the token, extract the embedded key and passphrase from the image, then decrypt, modify, re-sign, and upload malicious firmware. Successful exploitation grants remote code execution on the appliance with high impact to confidentiality, integrity, and availability.
Vendor security bulletins at the referenced PrinterLogic URLs advise upgrading the Virtual Appliance Host to 22.0.1026 or later and the Application to 20.0.2702 or later. The EPSS score has remained flat at 0.0162 with no material increase since disclosure.
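One way to watch for use of the update endpoint described above until the upgrade is in place, as an added example that is not from the vendor or the original page. It assumes a front-end proxy writing combined-format access logs and a hypothetical management subnet (10.20.0.0/24); the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote

UPDATE_PATH = "va-api/v1/update"  # endpoint named in the advisory text
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical management subnet

# Assumed combined-log-format prefix: client, two identity fields, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - - [29/Sep/2025:09:12:01 +0000] "POST /va-api/v1/update HTTP/1.1" 200 512',
    '203.0.113.7 - - [29/Sep/2025:09:14:33 +0000] "POST /va-api/v1/update HTTP/1.1" 200 498',
    '198.51.100.23 - - [29/Sep/2025:09:15:02 +0000] "POST //VA-API/v1/update?x=1 HTTP/1.1" 403 0',
    '203.0.113.7 - - [29/Sep/2025:09:16:10 +0000] "GET /index.html HTTP/1.1" 200 2048',
    'line that does not parse',
]

def normalise(uri):
    """Drop the query string, percent-decode, lower-case and collapse repeated slashes."""
    path = unquote(uri.split("?", 1)[0]).lower()
    return re.sub(r"/+", "/", path)

def is_admin(src):
    """True only for a parseable address inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETS)

def find_update_hits(lines):
    """Return update-endpoint requests that came from outside ADMIN_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or UPDATE_PATH not in normalise(m["uri"]) or is_admin(m["src"]):
            continue
        hits.append({"src": m["src"], "ts": m["ts"], "method": m["method"],
                     "accepted": int(m["status"]) < 400})
    return hits

if __name__ == "__main__":
    for hit in find_update_hits(SAMPLE_LOG):
        print(hit)
```

Hits with `accepted` set to true are the ones to triage first, since the appliance did not reject the request.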
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31625
Vulnerability details
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes an unauthenticated firmware-upload endpoint through a public page that provides signed tokens. Combined with the hard-coded GPG private key and passphrase in the Docker images, this enables attackers to modify, re-sign, and deploy malicious firmware for remote code execution on the public-facing virtual appliance.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prohibits unauthenticated performance of critical functions like firmware token issuance and uploads by limiting permitted actions without identification and authentication.
Requires proper establishment, management, and protection of cryptographic keys to prevent hard-coding and exposure of the GPG private key and passphrase in Docker images.
Mandates the use of digitally signed firmware components with integrity verification prior to installation, blocking deployment of modified malicious firmware.