Vulnerability Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vasion | Virtual Appliance Application | < 20.0.2702 |
| Vasion | Virtual Appliance Host | < 22.0.1026 |
Related Weaknesses (CWE)
References
- https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm (Vendor Advisory)
- https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm (Vendor Advisory)
- https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabiliti (Exploit, Third Party Advisory)
- https://www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-firmware-u (Third Party Advisory)
FAQ
What is CVE-2025-34215?
CVE-2025-34215 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: ...
How severe is CVE-2025-34215?
CVE-2025-34215 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-34215?
Check the references section above for vendor advisories and patch information. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host.