CVE-2025-34224

Critical · Public PoC

Published: 29 September 2025

Modified: 09 October 2025
CVSS v4 score: 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0094 (76.7th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-34224 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 23.3% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

Vasion Print, formerly known as PrinterLogic, is affected by CVE-2025-34224 in Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 for VA and SaaS deployments. The flaw stems from unauthenticated exposure of PHP scripts in the console_release directory, which leaves critical device management functions without authentication controls, as classified under CWE-306.

An unauthenticated remote attacker can directly invoke the exposed endpoints over the network to reconfigure networked printers, add or delete RFID badge devices, and alter other device settings, achieving full control over printer infrastructure without any credentials or user interaction.

Vendor security bulletins at the referenced PrinterLogic help pages detail the issue as V-2024-029 and indicate that the listed version updates address the exposure for both on-premises and SaaS deployments; additional technical analysis is available from third-party sources including VulnCheck and independent researcher write-ups.

EPSS scores remained low overall, with a modest peak of 0.0227 recorded in early 2026 before receding to the current value of 0.0094.

Vulnerability details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring authentication. An unauthenticated remote attacker can invoke these endpoints to reconfigure networked printers, add or delete RFID badge devices, or otherwise modify device settings. This vulnerability has been identified by the vendor as: V-2024-029 — No Authentication to Modify Devices.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability exposes unauthenticated PHP endpoints in the console_release directory of the Vasion Print Virtual Appliance and SaaS application, enabling remote attackers to reconfigure printers, manage RFID badge devices, and modify settings, which maps to exploitation of a public-facing or remotely accessible web application.

CVEs Like This One

CVE-2025-34215: Same product: Vasion Virtual Appliance Application
CVE-2025-34221: Same product: Vasion Virtual Appliance Application
CVE-2025-34218: Same product: Vasion Virtual Appliance Application
CVE-2025-34223: Same product: Vasion Virtual Appliance Application
CVE-2025-34216: Same product: Vasion Virtual Appliance Application
CVE-2025-34225: Same product: Vasion Virtual Appliance Application
CVE-2025-34222: Same product: Vasion Virtual Appliance Application
CVE-2025-34231: Same product: Vasion Virtual Appliance Application
CVE-2025-34228: Same product: Vasion Virtual Appliance Application
CVE-2025-34203: Same product: Vasion Virtual Appliance Application

Affected Assets

vasion virtual appliance application: ≤ 20.0.2786
vasion virtual appliance host: ≤ 22.0.1049

Mitigating Controls

NIST 800-53 r5 (AI)

prevent, detect: Directly prohibits and monitors unauthenticated actions such as re-configuring printers or modifying RFID devices via exposed PHP scripts.

prevent: Enforces approved access control policies to block unauthorized remote modifications through the console_release directory endpoints.

prevent: Restricts public access to sensitive endpoints, preventing unauthenticated attackers from altering networked printers and device settings.
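
To support the monitoring side of these controls, the following added example (not code from this page or from the vendor) triages web access logs for requests to PHP scripts under `console_release` that come from outside the management network. It assumes Combined Log Format, a hypothetical `ADMIN_NETS` range, and constructed sample lines whose script names are placeholders.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: networks allowed to reach the console; replace with your own.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_console_release_php(target):
    """True if the request path is a PHP script under a console_release directory."""
    path = unquote(urlsplit(target).path).lower()  # normalise %5F, case, query
    segments = [s for s in path.split("/") if s]
    return "console_release" in segments[:-1] and path.endswith(".php")

def triage(lines):
    """Return {source_ip: [hits]} for console_release requests from outside ADMIN_NETS."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_console_release_php(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed address field
        if any(src in net for net in ADMIN_NETS):
            continue
        findings[m["ip"]].append({
            "time": m["ts"], "method": m["method"], "target": m["target"],
            # 2xx suggests the script was served rather than blocked.
            "served": m["status"].startswith("2"),
        })
    return dict(findings)

# Constructed sample lines; script names are placeholders, not real file names.
SAMPLE = [
    '203.0.113.7 - - [02/Oct/2025:10:15:01 +0000] "POST /console_release/example_a.php HTTP/1.1" 200 512 "-" "-"',
    '10.20.0.15 - - [02/Oct/2025:10:16:00 +0000] "GET /console_release/example_b.php?id=1 HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.9 - - [02/Oct/2025:10:17:30 +0000] "GET /console%5Frelease/example_b.php HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.7 - - [02/Oct/2025:10:18:00 +0000] "GET /index.php HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE).items():
        print(ip, hits)
```

Hits with `served` set to true from sources outside the management range are the ones to review first, since they indicate the endpoint answered a caller it should not have been reachable by.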
