CVE-2025-34223
Published: 29 September 2025
Summary
CVE-2025-34223 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked in the top 15.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and IA-5 (Authenticator Management).
Deeper analysis
Vasion Print, formerly known as PrinterLogic, Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 in VA and SaaS deployments contain a default administrative account together with an unauthenticated installation endpoint at /admin/query/update_database.php. The endpoint accepts unauthenticated POST requests that supply arbitrary root_user and root_password values, while hard-coded SHA-512 and SHA-1 hashes of the original default password allow the supplied values to bypass password-policy checks. The issue is tracked by the vendor as V-2024-022 and is also described by CWE-306 and CWE-798.
An unauthenticated remote attacker who can reach the installation web interface can therefore replace the built-in administrator credentials and obtain full administrative control of the appliance or SaaS instance during its initial setup phase. Because the attack requires no prior authentication and succeeds over the network with minimal complexity, it yields complete system compromise before any legitimate administrator has configured the product.
Vendor security bulletins hosted at help.printerlogic.com direct customers to upgrade the Virtual Appliance Host to 22.0.1049 or later and the Application component to 20.0.2786 or later; the same pages list the vulnerability under the internal identifier V-2024-022 and advise applying the updates to close the installation-time exposure.
The associated EPSS score rose from a low baseline to a recorded peak of 0.0384, indicating that exploitation interest increased after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31638
Vulnerability details
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be accessed without authentication. An attacker who can…
more
reach the installation web interface can POST arbitrary `root_user` and `root_password` values, causing the script to replace the default admin credentials with attacker‑controlled ones. The script also contains hard‑coded SHA‑512 and SHA‑1 hashes of the default password, allowing the attacker to bypass password‑policy validation. As a result, an unauthenticated remote attacker can obtain full administrative control of the system during the initial setup. This vulnerability has been identified by the vendor as: V-2024-022 — Insecure Installation Credentials.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated access to installation endpoint enables overwriting default admin credentials, facilitating exploitation of public-facing application (T1190) and leveraging default accounts (T1078.001) for full administrative control.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-14 explicitly prohibits permitted actions without identification or authentication for critical functions like the unauthenticated endpoint that allows overwriting admin credentials.
IA-5 mandates changing default authenticators prior to first use and ensuring sufficient strength of mechanism, directly addressing hard-coded default credentials and bypassable password policies.
AC-2 requires proper management of accounts including disabling defaults and monitoring usage, mitigating risks from persistent default admin accounts during and post-initial setup.