CVE-2025-34205
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-10-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 20.0.1923 (exc) |
| vasion | virtual_appliance_host | to 22.0.843 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-561 | The product contains dead code, which can never be executed. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-34205 is a critical vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application versions prior to certain releases. It involves dangerous PHP dead code present in multiple Docker-hosted PHP instances. Specifically, a script named resetroot.php lacks authentication and allows an attacker to reset the MySQL root password to a known value, gaining full database control. Additionally, commented-out code could enable remote code execution if re-enabled or exploited. This combination allows an attacker to execute arbitrary code remotely and fully compromise the system without any authentication or user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including full compromise of the affected system. An attacker can reset the database administrator password, gain full control over the database, and potentially execute arbitrary code remotely. This leads to complete system compromise, risking confidentiality, integrity, and availability of data and services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if your system is running Vasion Print Virtual Appliance Host versions prior to 22.0.843 or Application versions prior to 20.0.1923. Additionally, you can verify the presence of the /var/www/app/resetroot.php script in Docker-hosted PHP instances. A practical command to check for the vulnerable resetroot.php file on the system would be: `find /var/www/app/ -name resetroot.php`. Network detection could involve scanning for accessible resetroot.php endpoints on the appliance's IP addresses or domains. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Vasion Print Virtual Appliance Host to version 22.0.843 or later and the Application to version 20.0.1923 or later, as these versions address the vulnerability. Additionally, restrict network access to the resetroot.php endpoint to prevent unauthorized execution. If upgrading is not immediately possible, consider removing or disabling the resetroot.php script and auditing Docker containers for the presence of dangerous PHP dead code. Monitoring and blocking unauthorized access attempts to the vulnerable endpoints is also recommended. [1]