CVE-2025-34215
Published: 29 September 2025
Summary
CVE-2025-34215 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 18.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-14 (Signed Components).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prohibits unauthenticated performance of critical functions like firmware token issuance and uploads by limiting permitted actions without identification and authentication.
Requires proper establishment, management, and protection of cryptographic keys to prevent hard-coding and exposure of the GPG private key and passphrase in Docker images.
Mandates the use of digitally signed firmware components with integrity verification prior to installation, blocking deployment of modified malicious firmware.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability exposes an unauthenticated firmware upload endpoint via a public page providing signed tokens, combined with hardcoded GPG private key and passphrase in Docker images, enabling attackers to modify, re-sign, and deploy malicious firmware for remote code execution on the public-facing virtual appliance.
NVD Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains…
more
the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution.
Deeper analysisAI
CVE-2025-34215 is a remote code execution vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1026 and Application versions prior to 20.0.2702, affecting only VA deployments. It stems from an unauthenticated firmware-upload flow exposed via a public page that returns a signed token usable at the va-api/v1/update endpoint. Every Docker image includes the appliance's private GPG key and a hard-coded passphrase, enabling attackers to manipulate firmware updates. The vendor designates this as V-2024-020, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and associated CWEs 306 (Missing Authentication for Critical Function) and 321 (Use of Hard-coded Cryptographic Key).
Any unauthenticated attacker with network access can exploit this by extracting the private GPG key and passphrase from a publicly obtainable Docker image, acquiring a signed token from the public page, decrypting legitimate firmware, injecting malicious code, re-signing it, uploading it via the update endpoint, and triggering execution. This grants full remote code execution on the Virtual Appliance Host.
Vendor security bulletins recommend upgrading to Virtual Appliance Host version 22.0.1026 or later and Application version 20.0.2702 or later for VA deployments to mitigate the issue. Additional details are available in advisories from PrinterLogic and independent analyses by researchers.
Details
- CWE(s)