CVE-2025-34207
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-03

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`, and `ForwardAgent yes`. These settings disable verification of the remote host’s SSH key and automatically forward the developer’s SSH‑agent to any host that matches the configured wildcard patterns. As a result, an attacker who can reach a single compromised container can cause the container to connect to a malicious SSH server, capture the forwarded private keys, and use those keys for unrestricted lateral movement across the environment. This vulnerability has been identified by the vendor as: V-2024-027 — Insecure Secure Shell (SSH) Configuration.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-29
Last Modified
2025-10-03
Generated
2026-06-16
AI Q&A
2025-09-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34207
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vasion virtual_appliance_application to 20.0.2786 (exc)
vasion virtual_appliance_host to 22.0.1049 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-522 The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Vasion Print (formerly PrinterLogic) involves an insecure SSH client configuration within Docker instances. Specifically, the SSH client is set with options that disable verification of the remote host's SSH key and automatically forward the developer's SSH agent to any host matching configured wildcard patterns. This means an attacker who compromises a single container can trick it into connecting to a malicious SSH server, capture the forwarded private keys, and then use those keys to move laterally across the environment without restriction. [1]

Impact Analysis

The impact of this vulnerability is significant. An attacker who gains access to one compromised container can capture private SSH keys forwarded by the vulnerable configuration. With these keys, the attacker can perform unrestricted lateral movement across the environment, potentially accessing sensitive systems and data, leading to unauthorized access, data breaches, and disruption of services. [1]

Detection Guidance

You can detect this vulnerability by checking the SSH client configuration within Docker instances on affected Vasion Print (PrinterLogic) Virtual Appliance Hosts or Applications. Specifically, look for SSH client options set as: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. Commands to check the SSH client configuration inside containers might include: 1) docker exec -it <container_id> grep -E 'UserKnownHostsFile|StrictHostKeyChecking|ForwardAgent' /etc/ssh/ssh_config or the relevant SSH client config file; 2) Inspect Docker container startup scripts or environment variables for SSH client options; 3) Use docker exec to run ssh -G <host> inside containers to see effective SSH options. These checks help identify if the insecure SSH client settings are present, indicating vulnerability. [1]

Mitigation Strategies

Immediate mitigation steps include updating Vasion Print (PrinterLogic) Virtual Appliance Host to version 22.0.1049 or later and the Application to version 20.0.2786 or later, as these versions fix the insecure SSH client configuration. Additionally, review and modify SSH client configurations within Docker instances to remove or change the insecure options: avoid setting UserKnownHostsFile=/dev/null, disable StrictHostKeyChecking=no, and disable ForwardAgent yes unless absolutely necessary. Restrict network access to containers to prevent attackers from reaching compromised containers. Monitor for unusual SSH connections and lateral movement attempts within your environment. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34207. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart