ByteOS Network

NVD Vulnerability Details :

CVE-2025-34199

Modified

Source-disclosure@vulncheck.com

Published At-19 Sep, 2025 | 19:15

Updated At-25 Nov, 2025 | 15:15

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. In multiple places, the application sets libcurl/PHP transport options such that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are effectively disabled, and environment variables (for example API_*_VERIFYSSL=false) are used to turn off verification for gateway and microservice endpoints. As a result, the client accepts TLS connections without validating server certificates (and, in some cases, uses clear-text HTTP), permitting on-path attackers to perform man-in-the-middle (MitM) attacks. An attacker able to intercept network traffic between the product and printers or microservices can eavesdrop on and modify sensitive data (including print jobs, configuration, and authentication tokens), inject malicious payloads, or disrupt service. This vulnerability has been identified by the vendor as: V-2024-024 — Insecure Communication to Printers & Microservices.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.3	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

vasion>>virtual_appliance_application>>Versions before 20.0.2786(exclusive)

cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*

vasion>>virtual_appliance_host>>Versions before 22.0.1049(exclusive)

cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Secondary	disclosure@vulncheck.com
CWE-295	Primary	nvd@nist.gov

CWE ID: CWE-295

Type: Secondary

Source: disclosure@vulncheck.com

CWE ID: CWE-295

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm	disclosure@vulncheck.com	Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm	disclosure@vulncheck.com	Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-communications	disclosure@vulncheck.com	Exploit Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-ssl-verification-allows-mitm-attacks	disclosure@vulncheck.com	Third Party Advisory

Hyperlink: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Source: disclosure@vulncheck.com

Resource:

Vendor Advisory

Hyperlink: https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Source: disclosure@vulncheck.com

Resource:

Vendor Advisory

Hyperlink: https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-communications

Source: disclosure@vulncheck.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-ssl-verification-allows-mitm-attacks

Source: disclosure@vulncheck.com

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History