CVE-2025-34207
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-03
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 20.0.2786 (exc) |
| vasion | virtual_appliance_host | to 22.0.1049 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Vasion Print (formerly PrinterLogic) involves an insecure SSH client configuration within Docker instances. Specifically, the SSH client is set with options that disable verification of the remote host's SSH key and automatically forward the developer's SSH agent to any host matching configured wildcard patterns. This means an attacker who compromises a single container can trick it into connecting to a malicious SSH server, capture the forwarded private keys, and then use those keys to move laterally across the environment without restriction. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is significant. An attacker who gains access to one compromised container can capture private SSH keys forwarded by the vulnerable configuration. With these keys, the attacker can perform unrestricted lateral movement across the environment, potentially accessing sensitive systems and data, leading to unauthorized access, data breaches, and disruption of services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the SSH client configuration within Docker instances on affected Vasion Print (PrinterLogic) Virtual Appliance Hosts or Applications. Specifically, look for SSH client options set as: UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no, and ForwardAgent yes. Commands to check the SSH client configuration inside containers might include: 1) docker exec -it <container_id> grep -E 'UserKnownHostsFile|StrictHostKeyChecking|ForwardAgent' /etc/ssh/ssh_config or the relevant SSH client config file; 2) Inspect Docker container startup scripts or environment variables for SSH client options; 3) Use docker exec to run ssh -G <host> inside containers to see effective SSH options. These checks help identify if the insecure SSH client settings are present, indicating vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating Vasion Print (PrinterLogic) Virtual Appliance Host to version 22.0.1049 or later and the Application to version 20.0.2786 or later, as these versions fix the insecure SSH client configuration. Additionally, review and modify SSH client configurations within Docker instances to remove or change the insecure options: avoid setting UserKnownHostsFile=/dev/null, disable StrictHostKeyChecking=no, and disable ForwardAgent yes unless absolutely necessary. Restrict network access to containers to prevent attackers from reaching compromised containers. Monitor for unusual SSH connections and lateral movement attempts within your environment. [1]