Cyber Resilience

CVE-2025-34215

Critical · Public PoC

Published: 29 September 2025
Modified: 18 October 2025
CVSS Score v4: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0162 (82.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34215 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 9.4 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-14 (Signed Components).

Deeper analysis

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 expose an unauthenticated firmware-upload flow in VA deployments. A public page returns a signed token that can be used at the va-api/v1/update endpoint, while every Docker image ships with the appliance’s private GPG key and a hard-coded passphrase. The issue is tracked by the vendor as V-2024-020 and is associated with CWE-306 and CWE-321.

An attacker with network access can retrieve the token, extract the embedded key and passphrase from the image, then decrypt, modify, re-sign, and upload malicious firmware. Successful exploitation grants remote code execution on the appliance with high impact to confidentiality, integrity, and availability.

Vendor security bulletins at the referenced PrinterLogic URLs advise upgrading the Virtual Appliance Host to 22.0.1026 or later and the Application to 20.0.2702 or later. The EPSS score has remained flat at 0.0162 with no material increase since disclosure.
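A defender who cannot upgrade immediately can watch for use of the update endpoint named above. The following is an added example, not code from the vendor or from this page: it assumes a reverse proxy in front of the appliance writing combined-format access logs, and the management network in `ADMIN_NETS` and the sample log lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote
UPDATE_PATH = "va-api/v1/update"  # endpoint path named in the advisory
# Assumption: the only networks that legitimately push appliance updates.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Combined log format: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_admin(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is never trusted
    return any(ip in net for net in ADMIN_NETS)

def find_update_requests(lines):
    """Return one alert per update-endpoint request from a non-admin source."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string, percent-decode and lower-case before matching.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if UPDATE_PATH not in path or is_admin(m["ip"]):
            continue
        status = int(m["status"])
        alerts.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                       "status": status,
                       # 2xx means the request was accepted, so treat as urgent.
                       "accepted": 200 <= status < 300})
    return alerts

# Constructed sample lines, not captured from a real appliance.
SAMPLE = [
    '10.20.0.5 - - [01/Oct/2025:09:00:01 +0000] "POST /va-api/v1/update HTTP/1.1" 200 64',
    '203.0.113.44 - - [01/Oct/2025:09:12:40 +0000] "POST /va-api/v1/update HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Oct/2025:09:13:02 +0000] "GET /VA-API/v1/update?x=1 HTTP/1.1" 403 0',
    '203.0.113.44 - - [01/Oct/2025:09:14:10 +0000] "GET /index.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for alert in find_update_requests(SAMPLE):
        print(alert)
```

An alert with `accepted` set to true on an appliance below the fixed versions is a reason to treat the firmware as untrusted and rebuild from a known-good image after upgrading.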

Vulnerability details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability exposes an unauthenticated firmware-upload endpoint via a public page that provides signed tokens. Combined with the hard-coded GPG private key and passphrase in the Docker images, this enables attackers to modify, re-sign, and deploy malicious firmware for remote code execution on the public-facing virtual appliance.

CVEs Like This One

CVE-2025-34224 (same product: Vasion Virtual Appliance Application)
CVE-2025-34223 (same product: Vasion Virtual Appliance Application)
CVE-2025-34216 (same product: Vasion Virtual Appliance Application)
CVE-2025-34221 (same product: Vasion Virtual Appliance Application)
CVE-2025-34225 (same product: Vasion Virtual Appliance Application)
CVE-2025-34218 (same product: Vasion Virtual Appliance Application)
CVE-2025-34222 (same product: Vasion Virtual Appliance Application)
CVE-2025-34231 (same product: Vasion Virtual Appliance Application)
CVE-2025-34228 (same product: Vasion Virtual Appliance Application)
CVE-2025-34203 (same product: Vasion Virtual Appliance Application)

Affected Assets

vasion · virtual appliance application · ≤ 20.0.2702
vasion · virtual appliance host · ≤ 22.0.1026

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly prohibits unauthenticated performance of critical functions like firmware token issuance and uploads by limiting permitted actions without identification and authentication.

Prevent: Requires proper establishment, management, and protection of cryptographic keys to prevent hard-coding and exposure of the GPG private key and passphrase in Docker images.

Prevent: Mandates the use of digitally signed firmware components with integrity verification prior to installation, blocking deployment of modified malicious firmware.

References