CVE-2025-34218
Published: 29 September 2025
Summary
CVE-2025-34218 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046); ranked in the top 30.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).
Deeper analysis
Vasion Print, formerly known as PrinterLogic, exposes internal Docker containers in its Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 for VA and SaaS deployments. The gateway Docker instance publishes an unauthenticated /meta endpoint that enumerates every micro-service container along with version details, and the containers themselves remain reachable over HTTP or HTTPS with no ACL, authentication, or rate limiting in place. The root cause is the absence of any access controls on the API gateway’s proxy to the internal service mesh, which effectively makes the containers part of the public attack surface and is tracked by the vendor as V-2024-030.
Any attacker with LAN or Internet reachability can enumerate the services, call their exposed APIs without credentials, and issue requests that may result in information disclosure, container-level privilege escalation, or denial of service against the appliance. The issue is rated CVSS 4.0 10.0 and is classified under CWE-306 for missing authentication of a critical function.
Vendor security bulletins direct customers to upgrade the affected Virtual Appliance Host and Application components to the fixed releases. Independent analyses published alongside the bulletins confirm that the exposure stems directly from the unrestricted proxy configuration.
EPSS for the CVE rose from a low baseline to a recorded peak of 0.0115, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31643
Vulnerability details
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together…
more
with version information. These containers are reachable directly over HTTP/HTTPS without any access‑control list (ACL), authentication or rate‑limiting. Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial‑of‑service of the entire appliance. The root cause is the absence of authentication and network‑level restrictions on the API‑gateway’s proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface. This vulnerability has been identified by the vendor as: V-2024-030 — Exposed Internal Docker Instance (LAN).
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Exposes internal Docker containers and microservices via unauthenticated HTTP/HTTPS /meta endpoint and APIs, enabling service enumeration (T1046), software version discovery (T1518), container discovery (T1613), exploitation of public-facing (T1190) and remote services (T1210) for privilege escalation (T1068), and endpoint DoS (T1499).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-7 mandates monitoring and control of communications at external and key internal boundaries, directly preventing exposure of internal Docker containers through the unprotected gateway instance.
AC-4 enforces controls on information flows between external networks and internal systems, mitigating the lack of network-level restrictions on the API-gateway proxy to Docker containers.
AC-3 requires enforcement of approved authorizations for access to system resources, addressing the absence of authentication and ACLs on exposed microservice APIs.