CVE-2025-34202
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-10-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 25.1.1413 (exc) |
| vasion | virtual_appliance_host | to 25.2.169 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-291 | The product uses an IP address for authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34202 is a vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application that exposes Docker internal networks. An attacker on the same external Layer 2 network segment or one who can add routes using the appliance as a gateway can directly access container IPs. This access allows the attacker to reach internal services like HTTP APIs, Redis, and MySQL, which are meant to be isolated and often lack proper authentication or have known exploits. This can lead to lateral movement, remote code execution, data theft, and full system compromise. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to internal container services, enabling attackers to move laterally within the network, execute remote code, exfiltrate sensitive data, and potentially take full control of the affected system. Because the internal services are exposed without proper authentication, attackers can exploit this vulnerability with low complexity and no user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying if your Vasion Print (formerly PrinterLogic) Virtual Appliance Host or Application versions are prior to 25.2.169 and 25.2.1518 respectively, and checking if Docker internal networks are exposed to the external L2 segment. Network scanning tools can be used to detect accessible container IPs and exposed internal services such as HTTP APIs, Redis, and MySQL without authentication. Commands like 'nmap' can be used to scan for open ports and services on container IP ranges reachable from your network. For example, 'nmap -sV -p 80,6379,3306 <target-ip-range>' can help identify exposed HTTP, Redis, and MySQL services. Additionally, verifying routing tables and gateway configurations can help detect if the appliance is being used as a gateway allowing route additions. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Vasion Print Virtual Appliance Host to version 25.2.169 or later and the Application to version 25.2.1518 or later, as these versions contain fixes for the vulnerability. Additionally, restrict network access to the appliance to prevent attackers on the same external L2 segment or those able to add routes from reaching Docker internal networks. Implement network segmentation and firewall rules to block unauthorized access to container IPs and internal services. Avoid relying solely on IP address-based authentication and ensure proper authentication mechanisms are in place for internal services. [1]