CVE-2025-34218 – Vasion Print Exposed Internal Docker Instance Vulnerability

Vulnerability

A vulnerability exists in Vasion Print Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786, specifically in VA/SaaS deployments. The issue arises because the gateway Docker instance exposes internal micro-service containers without authentication or access controls. This allows unauthorized users to interact with the APIs of these microservices, potentially leading to information disclosure, privilege escalation within the container, or a denial-of-service for the entire appliance.

Impact

Exploitation of this vulnerability could allow unauthorized users to access internal micro-services via their APIs, potentially leading to information disclosure, privilege escalation within the Docker container, or a denial-of-service for the entire Vasion Print appliance.

Remediation

Users can update to Vasion Print Virtual Appliance Host version 22.0.1049 and Application version 20.0.2786 to address this vulnerability.

Added: Sep 29, 2025, 9:50 PM

Updated: Sep 29, 2025, 9:50 PM

Affected Products

No known affected products were detected.

CVSS Scores

volerion

8.8

CVSS 4.0

8.8

High

volerion

8.6

CVSS 3.1

8.6

High

nvd@nist.gov

9.8

CVSS 3.1

9.8

Critical

Vendor

10.0

CVSS 4.0

10.0

Critical

Click a row to open the calculator.

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

AdvisoryBundleRemedyVendor

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

AdvisoryBundleRemedyVendor

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-exposed-docker-instances

BundleTechnical Analysis

https://www.vulncheck.com/advisories/vasion-print-printerlogic-exposed-internal-docker-instance

AdvisoryBundleVendor

Showing 1-4 of 4 references

Vasion Print Exposed Internal Docker Instance Vulnerability