CVE-2025-34199
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-11-25
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 20.0.2786 (exc) |
| vasion | virtual_appliance_host | to 22.0.1049 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34199 is a vulnerability in Vasion Print (formerly PrinterLogic) where the software disables TLS/SSL certificate verification when communicating with printers and internal microservices. This means the application does not properly check the authenticity of the servers it connects to, allowing attackers who can intercept network traffic to perform man-in-the-middle (MitM) attacks. These attackers can eavesdrop on, modify, or inject malicious data into communications, potentially compromising sensitive information such as print jobs, configurations, and authentication tokens. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to intercept and manipulate sensitive data transmitted between your system and printers or internal microservices. An attacker could eavesdrop on confidential print jobs, steal authentication tokens, alter configurations, inject malicious payloads, or disrupt printing services. This can lead to data breaches, unauthorized access, and service interruptions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting network traffic for unverified TLS/SSL connections or clear-text HTTP communications between the Vasion Print client and printers or internal microservices. You can use network monitoring tools like Wireshark or tcpdump to capture traffic and check for TLS connections where certificate verification is disabled or for unencrypted HTTP traffic. Additionally, reviewing the application configuration or environment variables (such as API_*_VERIFYSSL) to see if SSL verification is disabled can help identify vulnerable setups. Specific commands include:

1. Using tcpdump to capture traffic on relevant ports, e.g. `tcpdump -i <interface> port <print_service_port>`.
2. Using openssl s_client to test SSL connections to printers or microservices and verify certificate validation, e.g. `openssl s_client -connect <printer_ip>:443`.
3. Checking environment variables in the application environment for `API_*_VERIFYSSL=false`. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Vasion Print Virtual Appliance Host to version 22.0.1049 or later and the Application to version 20.0.2786 or later, as these versions address the insecure SSL verification issue. Additionally, review and modify configuration settings and environment variables to ensure that TLS/SSL certificate verification is enabled (e.g., ensure API_*_VERIFYSSL variables are not set to false). Avoid using clear-text HTTP for communications between clients, printers, and microservices. Implement network-level protections such as segmenting print service traffic and using secure VPNs or encrypted tunnels to reduce exposure to on-path attackers. [1]
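
A check for the API_*_VERIFYSSL setting named in the detection and mitigation answers above, as an added example (not code from Vasion or from this page). The variable names in the sample are constructed, and treating 0, no and off as "disabled" alongside false is an assumption.

```shell
#!/bin/sh
# Flag API_*_VERIFYSSL variables whose value disables certificate checks.
# Input:  KEY=VALUE lines on stdin, e.g. from `env`, an env file, or
#         `tr '\0' '\n' < /proc/<pid>/environ`.
# Output: one NAME=value line per offending variable; exit status 1 if any.
# Assumption: besides "false" (the value the page names), the values
# 0, no and off are also treated as "verification disabled".
find_disabled_verifyssl() {
    awk '
    {
        line = $0
        sub(/^[ \t]*(export[ \t]+)?/, "", line)   # tolerate "export NAME=..."
        eq = index(line, "=")
        if (eq == 0) next
        name = substr(line, 1, eq - 1)
        val  = substr(line, eq + 1)
        # Commented-out lines fail this match because of the leading "#".
        if (name !~ /^API_[A-Za-z0-9_]*_VERIFYSSL$/) next
        sub(/^[ \t"'\'']+/, "", val)              # strip leading quotes/space
        sub(/[ \t\r"'\'']+$/, "", val)            # strip trailing quotes/space/CR
        v = tolower(val)
        if (v == "false" || v == "0" || v == "no" || v == "off") {
            print name "=" val
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample input; these variable names are illustrative only.
sample_env() {
    cat <<'EOF'
API_PRINTER_VERIFYSSL=false
export API_QUEUE_VERIFYSSL="False"
API_AUTH_VERIFYSSL=true
API_TIMEOUT=30
# API_OLD_VERIFYSSL=false
EOF
}

# Usage: sample_env | find_disabled_verifyssl
#        env | find_disabled_verifyssl || echo "certificate verification disabled"
```
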