Cyber Posture

CVE-2025-34218

Critical · Public PoC

Published: 29 September 2025

Modified: 09 October 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0073 (72.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34218 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046). The CVE ranks in the top 27.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Service Discovery (T1046) and 6 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: SC-7 mandates monitoring and control of communications at external and key internal boundaries, directly preventing exposure of internal Docker containers through the unprotected gateway instance.

prevent: AC-4 enforces controls on information flows between external networks and internal systems, mitigating the lack of network-level restrictions on the API-gateway proxy to Docker containers.

prevent: AC-3 requires enforcement of approved authorizations for access to system resources, addressing the absence of authentication and ACLs on exposed microservice APIs.

MITRE ATT&CK Enterprise Techniques · AI

T1046 Network Service Discovery (tactic: Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1499 Endpoint Denial of Service (tactic: Impact)
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

T1518 Software Discovery (tactic: Discovery)
Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment.

T1613 Container and Resource Discovery (tactic: Discovery)
Adversaries may attempt to discover containers and other resources that are available within a containers environment.

Why these techniques?

The vulnerability exposes internal Docker containers and microservices via the unauthenticated HTTP/HTTPS /meta endpoint and APIs. This enables service enumeration (T1046), software version discovery (T1518), container discovery (T1613), exploitation of public-facing applications (T1190) and remote services (T1210) for privilege escalation (T1068), and endpoint DoS (T1499).

NVD Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together with version information. These containers are reachable directly over HTTP/HTTPS without any access‑control list (ACL), authentication or rate‑limiting. Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial‑of‑service of the entire appliance. The root cause is the absence of authentication and network‑level restrictions on the API‑gateway’s proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface. This vulnerability has been identified by the vendor as: V-2024-030 — Exposed Internal Docker Instance (LAN).

Deeper analysis · AI

CVE-2025-34218 affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 in VA/SaaS deployments. The vulnerability stems from the exposure of internal Docker containers through the gw Docker instance, which publishes a /meta endpoint listing all micro-service containers and their version information. These containers are directly reachable over HTTP/HTTPS without access-control lists (ACLs), authentication, or rate-limiting, due to the absence of authentication and network-level restrictions on the API-gateway's proxy to internal Docker containers. This turns the internal service mesh into a public attack surface, mapped to CWE-306 (Missing Authentication for Critical Function) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vendor identifies it as V-2024-030 — Exposed Internal Docker Instance (LAN).

Any network-accessible attacker, including those on the LAN or the Internet, can exploit this vulnerability with no privileges required. Attackers can enumerate all internal services and versions via the /meta endpoint, interact with exposed APIs of each microservice as unauthenticated users, and issue malicious requests potentially leading to information disclosure, privilege escalation within containers, or denial-of-service impacting the entire appliance.

Vendor security bulletins for SaaS and VA deployments, along with independent advisories, detail mitigations including upgrades to Virtual Appliance Host version 22.0.1049 or later and Application version 20.0.2786 or later. Additional references from researchers highlight the issue and recommend network segmentation or firewall rules to restrict access to the gateway until patching.
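One way to check whether the gateway has already been reached from outside the intended network while patching or firewalling is pending, as an added example that is not from the vendor bulletins or the advisories referenced here. It assumes a reverse proxy in front of the gw instance writes combined-format access logs; the management subnet, the fan-out threshold, the `svc-*` paths and the sample lines are all constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: combined-format access log; adjust the pattern to your proxy.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: only this management subnet should ever reach the gateway.
ALLOWED = [ipaddress.ip_network("10.20.0.0/24")]
FANOUT_THRESHOLD = 3  # distinct top-level path segments from one source

# Constructed sample lines, not captured from a real appliance.
SAMPLE_LOG = """\
10.20.0.15 - - [01/Oct/2025:10:00:01 +0000] "GET /meta HTTP/1.1" 200 512
198.51.100.7 - - [01/Oct/2025:10:02:11 +0000] "GET /meta HTTP/1.1" 200 512
198.51.100.7 - - [01/Oct/2025:10:02:12 +0000] "GET /svc-a/api/v1/status HTTP/1.1" 200 88
198.51.100.7 - - [01/Oct/2025:10:02:13 +0000] "GET /svc-b/api/v1/status HTTP/1.1" 200 90
198.51.100.7 - - [01/Oct/2025:10:02:14 +0000] "GET /svc-c/health HTTP/1.1" 404 0
203.0.113.9 - - [01/Oct/2025:10:05:00 +0000] "GET /META?x=1 HTTP/1.1" 200 512
not a log line
"""

def is_allowed(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(addr in net for net in ALLOWED)

def triage(log_text):
    """Return (meta_hits, fanout): untrusted sources that got a 2xx from /meta,
    and untrusted sources that touched >= FANOUT_THRESHOLD top-level paths."""
    meta_hits, prefixes = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or is_allowed(m["src"]):
            continue  # skip malformed lines and expected management traffic
        # Drop the query string and normalise case before comparing paths.
        path = m["path"].split("?", 1)[0].lower().rstrip("/")
        prefixes[m["src"]].add(path.lstrip("/").split("/", 1)[0])
        if path == "/meta" and m["status"].startswith("2"):
            meta_hits.add(m["src"])
    fanout = {s for s, p in prefixes.items() if len(p) >= FANOUT_THRESHOLD}
    return sorted(meta_hits), sorted(fanout)
```

A source that appears in both lists fetched the container listing and then walked several services, which is the enumeration pattern the description warns about and a reason to review that host's requests in full.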

Details

CWE(s)

Affected Products

vasion virtual appliance application: ≤ 20.0.2786
vasion virtual appliance host: ≤ 22.0.1049

CVEs Like This One

CVE-2025-34221 (same product: Vasion Virtual Appliance Application)
CVE-2025-34224 (same product: Vasion Virtual Appliance Application)
CVE-2025-34225 (same product: Vasion Virtual Appliance Application)
CVE-2025-34228 (same product: Vasion Virtual Appliance Application)
CVE-2025-34231 (same product: Vasion Virtual Appliance Application)
CVE-2025-34215 (same product: Vasion Virtual Appliance Application)
CVE-2025-34216 (same product: Vasion Virtual Appliance Application)
CVE-2025-34223 (same product: Vasion Virtual Appliance Application)
CVE-2025-34222 (same product: Vasion Virtual Appliance Application)
CVE-2025-34207 (same product: Vasion Virtual Appliance Application)
