CVE-2025-34203

Sept. 19, 2025, 7:15 p.m.

9.3
Critical

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components (examples: Nginx 1.17.x, OpenSSL 1.1.1d, various EOL Alpine/Debian/Ubuntu base images, and EOL Laravel/PHP libraries). These components are present across many container images and increase the product's attack surface, enabling exploitation chains when leveraged by an attacker. Multiple distinct EOL versions and unpatched libraries across containers; Nginx binaries date from 2019 in several images and Laravel versions observed include EOL releases (for example Laravel 5.5.x, 5.7.x, 5.8.x).

Product(s) Impacted

Vendor Product Versions
Vasion Print
  • Virtual Appliance Host
  • Application
  • <22.0.1002
  • <20.0.2614
Nginx
  • Nginx
  • <1.17
Openssl
  • Openssl
  • <1.1.1d
Laravel
  • Laravel
  • <5.5, <5.7, <5.8

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a vasion_print virtual_appliance_host <22.0.1002 / / / / / / /
a vasion_print application <20.0.2614 / / / / / / /
a nginx nginx <1.17 / / / / / / /
a openssl openssl <1.1.1d / / / / / / /
a laravel laravel <5.5 / / / / / / /
a laravel laravel <5.7 / / / / / / /
a laravel laravel <5.8 / / / / / / /

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-outdated-components
https://www.vulncheck.com/advisories/vasion-print-printerlogic-use-of-outdated-eol-vulnerable-third-party-components

Tags

disclosure@vulncheck.com
2025-09-19
CVE-2025-34203

CVSS Score

9.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Exploit Maturity: NOT_DEFINED

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Sept. 19, 2025, 7:15 p.m.
Last Modified: Sept. 19, 2025, 7:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosure@vulncheck.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.