CVE-2025-34218

Critical · Public PoC

Published: 29 September 2025

Modified: 09 October 2025
CVSS Score v4: 10.0
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0060 (70.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34218 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Service Discovery (T1046). The CVE ranks in the top 30.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).

Deeper analysis

Vasion Print, formerly known as PrinterLogic, exposes internal Docker containers in its Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 for VA and SaaS deployments. The gateway Docker instance publishes an unauthenticated /meta endpoint that enumerates every micro-service container along with version details, and the containers themselves remain reachable over HTTP or HTTPS with no ACL, authentication, or rate limiting in place. The root cause is the absence of any access controls on the API gateway’s proxy to the internal service mesh, which effectively makes the containers part of the public attack surface and is tracked by the vendor as V-2024-030.

Any attacker with LAN or Internet reachability can enumerate the services, call their exposed APIs without credentials, and issue requests that may result in information disclosure, container-level privilege escalation, or denial of service against the appliance. The issue is rated CVSS 4.0 10.0 and is classified under CWE-306 for missing authentication of a critical function.

Vendor security bulletins direct customers to upgrade the affected Virtual Appliance Host and Application components to the fixed releases. Independent analyses published alongside the bulletins confirm that the exposure stems directly from the unrestricted proxy configuration.
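The enumerate-then-call pattern described above (an unauthenticated /meta fetch followed by requests to several services) can be hunted for in request logs. The following is an added example, not vendor or original-page code. It assumes a reverse proxy or firewall in front of the appliance writes Common Log Format lines; the allowlisted range, the sample lines and the service names svc-a/b/c are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: a reverse proxy or firewall in front of the appliance writes
# Common Log Format lines; the appliance's own log format is not on the page.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Hypothetical management range that is expected to reach the gateway.
ALLOWED = [ipaddress.ip_network("10.20.0.0/24")]

def is_allowed(src):
    ip = ipaddress.ip_address(src)  # raises ValueError for hostnames
    return any(ip in net for net in ALLOWED)

def find_meta_enumeration(lines, fanout_threshold=3):
    """Map each non-allowlisted client that fetched /meta without credentials
    to the distinct first-level paths it then reached, if >= threshold."""
    saw_meta, touched = set(), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        # Only successful requests carrying no authenticated user matter here.
        if not m or m["user"] != "-" or not m["status"].startswith("2"):
            continue
        src = m["src"]
        try:
            if is_allowed(src):
                continue
        except ValueError:
            continue  # source field is not an IP address
        path = m["path"].split("?", 1)[0].rstrip("/")
        if path == "/meta":
            saw_meta.add(src)
        elif src in saw_meta and path.startswith("/"):
            touched[src].add(path.split("/")[1])
    return {s: sorted(p) for s, p in touched.items()
            if len(p) >= fanout_threshold}

# Constructed sample lines; svc-a/b/c are placeholder service names.
T = "[01/Oct/2025:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /meta HTTP/1.1" 200 512',
    f'203.0.113.7 - - {T} "GET /svc-a/status HTTP/1.1" 200 80',
    f'203.0.113.7 - - {T} "GET /svc-b/health?x=1 HTTP/1.1" 200 80',
    f'203.0.113.7 - - {T} "GET /svc-c/ HTTP/1.1" 204 0',
    f'10.20.0.5 - - {T} "GET /meta HTTP/1.1" 200 512',
    f'198.51.100.9 - - {T} "GET /svc-a/status HTTP/1.1" 200 80',
]
```

Any hit from outside the management range also indicates that the boundary and flow controls listed under Mitigating Controls are not in effect for the gateway.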

EPSS for the CVE rose from a low baseline to a recorded peak of 0.0115, indicating that exploitation interest increased after disclosure.

Vulnerability details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together with version information. These containers are reachable directly over HTTP/HTTPS without any access‑control list (ACL), authentication or rate‑limiting. Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial‑of‑service of the entire appliance. The root cause is the absence of authentication and network‑level restrictions on the API‑gateway’s proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface. This vulnerability has been identified by the vendor as: V-2024-030 — Exposed Internal Docker Instance (LAN).

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1046 Network Service Discovery (tactic: Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1499 Endpoint Denial of Service (tactic: Impact)
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

T1518 Software Discovery (tactic: Discovery)
Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment.

T1613 Container and Resource Discovery (tactic: Discovery)
Adversaries may attempt to discover containers and other resources that are available within a containers environment.

Why these techniques?

The vulnerability exposes internal Docker containers and microservices through the unauthenticated HTTP/HTTPS /meta endpoint and APIs. This enables service enumeration (T1046), software version discovery (T1518), container discovery (T1613), exploitation of public-facing (T1190) and remote services (T1210) for privilege escalation (T1068), and endpoint DoS (T1499).

CVEs Like This One

CVE-2025-34221 (same product: Vasion Virtual Appliance Application)
CVE-2025-34224 (same product: Vasion Virtual Appliance Application)
CVE-2025-34225 (same product: Vasion Virtual Appliance Application)
CVE-2025-34231 (same product: Vasion Virtual Appliance Application)
CVE-2025-34228 (same product: Vasion Virtual Appliance Application)
CVE-2025-34215 (same product: Vasion Virtual Appliance Application)
CVE-2025-34223 (same product: Vasion Virtual Appliance Application)
CVE-2025-34216 (same product: Vasion Virtual Appliance Application)
CVE-2025-34222 (same product: Vasion Virtual Appliance Application)
CVE-2025-34207 (same product: Vasion Virtual Appliance Application)

Affected Assets

Vendor: vasion · Product: virtual appliance application · Versions: ≤ 20.0.2786
Vendor: vasion · Product: virtual appliance host · Versions: ≤ 22.0.1049

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SC-7 (prevent): SC-7 mandates monitoring and control of communications at external and key internal boundaries, directly preventing exposure of internal Docker containers through the unprotected gateway instance.

AC-4 (prevent): AC-4 enforces controls on information flows between external networks and internal systems, mitigating the lack of network-level restrictions on the API-gateway proxy to Docker containers.

AC-3 (prevent): AC-3 requires enforcement of approved authorizations for access to system resources, addressing the absence of authentication and ACLs on exposed microservice APIs.
