CVE-2025-34203

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components (examples: Nginx 1.17.x, OpenSSL 1.1.1d, various EOL Alpine/Debian/Ubuntu base images, and EOL Laravel/PHP libraries). These components are present across many container images and increase the product's attack surface, enabling exploitation chains when leveraged by an attacker. Multiple distinct EOL versions and unpatched libraries across containers; Nginx binaries date from 2019 in several images and Laravel versions observed include EOL releases (for example Laravel 5.5.x, 5.7.x, 5.8.x).

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm	Vendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm	Vendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-outdated-components	Exploit Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-use-of-outdated-eol-vulnerable-third-party-components	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vasion:virtual_appliance_application::::::::
	cpe:2.3:a:vasion:virtual_appliance_host::::::::

History

24 Sep 2025, 19:19

Type	Values Removed	Values Added
First Time		Vasion virtual Appliance Application Vasion virtual Appliance Host Vasion
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		NVD-CWE-noinfo
References	~~() https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm -~~	() https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm - Vendor Advisory
References	~~() https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm -~~	() https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm - Vendor Advisory
References	~~() https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-outdated-components -~~	() https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-outdated-components - Exploit, Third Party Advisory
References	~~() https://www.vulncheck.com/advisories/vasion-print-printerlogic-use-of-outdated-eol-vulnerable-third-party-components -~~	() https://www.vulncheck.com/advisories/vasion-print-printerlogic-use-of-outdated-eol-vulnerable-third-party-components - Third Party Advisory
CPE		cpe:2.3:a:vasion:virtual_appliance_application:::::::: cpe:2.3:a:vasion:virtual_appliance_host::::::::

19 Sep 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-19 19:15

Updated : 2025-09-24 19:19

NVD link : CVE-2025-34203

Mitre link : CVE-2025-34203

CVE.ORG link : CVE-2025-34203

JSON object : View

Products Affected

vasion

virtual_appliance_host
virtual_appliance_application

CWE

NVD-CWE-noinfo

9.8 /10