CVE-2025-34201
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-09-24
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | * |
| vasion | virtual_appliance_host | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-653 | The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application deployments that run many Docker containers on shared internal networks without proper firewalling or segmentation between instances. Because of this lack of network isolation, if an attacker compromises any single container, they can directly access internal services such as HTTP, Redis, and MySQL on the overlay network. This allows the attacker to move laterally between containers, potentially exploiting other services and leading to data theft or a system-wide compromise. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized lateral movement within the containerized environment, allowing an attacker who compromises one container to access and exploit other internal services. This can result in data theft, unauthorized access to sensitive information, and potentially a full system compromise, affecting the confidentiality, integrity, and availability of the affected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying Docker containers running on shared internal networks without proper firewalling or segmentation. You can inspect Docker networks and container connections to check for lack of isolation. Commands such as 'docker network ls' to list networks, 'docker network inspect <network_name>' to view connected containers, and 'docker ps' to list running containers can help. Additionally, monitoring network traffic between containers for unauthorized access attempts may indicate exploitation. [1]
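The inspection step above can be automated. The following is an added example, not vendor or BaseFortify code: it parses JSON in the shape that 'docker network inspect' prints and reports every network on which two or more containers share a segment with nothing restricting traffic between them. The network and container names are constructed sample data, and the check covers Docker's own network settings only, not host firewall rules.

```python
import json

# Constructed sample shaped like `docker network inspect` output;
# all network and container names here are invented for illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "appliance_overlay", "Driver": "overlay", "Internal": false,
   "Containers": {
     "a1": {"Name": "web-1",   "IPv4Address": "10.0.1.2/24"},
     "b2": {"Name": "redis-1", "IPv4Address": "10.0.1.3/24"},
     "c3": {"Name": "mysql-1", "IPv4Address": "10.0.1.4/24"}}},
  {"Name": "print_bridge", "Driver": "bridge", "Internal": false,
   "Options": {"com.docker.network.bridge.enable_icc": "false"},
   "Containers": {
     "d4": {"Name": "print-1", "IPv4Address": "172.18.0.2/16"},
     "e5": {"Name": "print-2", "IPv4Address": "172.18.0.3/16"}}},
  {"Name": "db_only", "Driver": "bridge", "Internal": true,
   "Containers": {
     "f6": {"Name": "mysql-2", "IPv4Address": "172.19.0.2/16"}}}
]
""")

# Bridge-driver option that disables inter-container communication.
ICC_KEY = "com.docker.network.bridge.enable_icc"


def shared_flat_networks(networks):
    """Return one finding per network where 2+ containers can reach each other."""
    findings = []
    for net in networks:
        containers = net.get("Containers") or {}
        names = sorted(c["Name"] for c in containers.values())
        if len(names) < 2:
            continue  # a lone container has no peer to reach on this network
        options = net.get("Options") or {}
        # enable_icc is a bridge-driver option; other drivers are treated as open.
        if net.get("Driver") == "bridge" and options.get(ICC_KEY) == "false":
            continue
        findings.append({"network": net["Name"], "driver": net.get("Driver"),
                         "containers": names})
    return findings


if __name__ == "__main__":
    for f in shared_flat_networks(SAMPLE_INSPECT):
        print(f"{f['network']} ({f['driver']}): "
              f"{', '.join(f['containers'])} share one unrestricted segment")
```

To run it against a live host, replace the sample with the JSON array printed by 'docker network inspect' for the networks listed by 'docker network ls'.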
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing network segmentation and firewall rules between Docker containers to prevent lateral movement. Restrict container communication to only necessary services and isolate containers on separate networks where possible. Review and apply any vendor security bulletins or patches if available. Limiting privileges of containers and monitoring for suspicious activity are also recommended. [1]