CVE-2025-34225
Published: 29 September 2025
Summary
CVE-2025-34225 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Vasion Virtual Appliance Application. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Remote System Discovery (T1018); ranked in the top 42.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Restricts publicly accessible content like the unauthenticated console_release directory containing exploitable PHP scripts that enable SSRF.
Enforces validation of user-controlled inputs used to build URLs in PHP scripts, preventing SSRF via malicious hostnames despite incomplete filter_var checks.
Monitors and controls communications at boundaries, including subnetwork separation, to block SSRF-induced requests to internal resources.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated SSRF in public-facing console_release directory (T1190) enables attackers to probe internal hosts (T1018: Remote System Discovery) and services (T1046: Network Service Discovery) for reconnaissance, pivoting, and potential data exfiltration.
NVD Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is reachable from the internet without any authentication. Inside that directory…
more
are dozens of PHP scripts that build URLs from user‑controlled values and then invoke either 'curl_exec()` or `file_get_contents()` without proper validation. Although many files attempt to mitigate SSRF by calling `filter_var', the checks are incomplete. Because the endpoint is unauthenticated, any remote attacker can supply a hostname and cause the server to issue requests to internal resources. This enables internal network reconnaissance, potential pivoting, or data exfiltration. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
Deeper analysisAI
CVE-2025-34225 is a server-side request forgery (SSRF) vulnerability affecting Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 in VA/SaaS deployments. The issue stems from the `console_release` directory being publicly accessible from the internet without authentication. This directory contains dozens of PHP scripts that construct URLs from user-controlled input and invoke `curl_exec()` or `file_get_contents()` functions. While some scripts attempt SSRF mitigation via `filter_var()` calls, these checks are incomplete, allowing forged requests. The vulnerability is associated with CWE-306 (Missing Authentication for Critical Function) and CWE-918 (SSRF), earning a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).
Any unauthenticated remote attacker can exploit this vulnerability by supplying a malicious hostname to the exposed PHP endpoints, tricking the server into issuing requests to internal network resources. Successful exploitation enables internal network reconnaissance by probing for live hosts, services, or metadata endpoints; potential pivoting to other internal systems; or data exfiltration from restricted environments.
Vendor security bulletins for PrinterLogic SaaS and VA deployments confirm the vulnerability has been remediated, though the exact patch introduction version remains unclear. Additional details are available in advisories from VulnCheck and researcher Pierre Kim's analysis of 83 vulnerabilities in Vasion/PrinterLogic products. Security practitioners should verify deployments are updated to version 25.1.102 or later for the Virtual Appliance Host and 25.1.1413 or later for the Application.
Details
- CWE(s)