CVE-2025-34211
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-03

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching public certificate stored in cleartext.Β The key belongs to the hostname `pl‑local.com` and is used by the appliance to terminate TLS connections on ports 80/443. Because the key is hardcoded, any attacker who can gain container-level access can simply read the files and obtain the private key. With the private key, the attacker can decrypt TLS traffic, perform man-in-the-middle attacks, or forge TLS certificates.Β This enables impersonation of the appliance’s web UI, interception of credentials, and unrestricted access to any services that trust the certificate. The same key is identical across all deployed appliances meaning a single theft compromises the confidentiality of every Vasion Print installation.Β This vulnerability has been identified by the vendor as: V-2024-025 β€” Hardcoded SSL Certificate & Private Keys.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-29
Last Modified
2025-10-03
Generated
2026-06-16
AI Q&A
2025-09-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-34211
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vasion virtual_appliance_application to 20.0.2786 (exc)
vasion virtual_appliance_host to 22.0.1049 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves Vasion Print (formerly PrinterLogic) products using a hardcoded private SSL key and matching public certificate stored in cleartext within the appliance. The key is identical across all deployed appliances and is used to terminate TLS connections. An attacker with container-level access can read the private key, allowing them to decrypt TLS traffic, perform man-in-the-middle attacks, forge TLS certificates, impersonate the appliance’s web UI, intercept credentials, and gain unrestricted access to services trusting the certificate. [1]

Impact Analysis

The impact includes potential decryption of secure TLS communications, man-in-the-middle attacks, impersonation of the appliance’s web interface, interception of user credentials, and unauthorized access to services that trust the compromised certificate. Since the private key is the same across all installations, a single compromise affects every deployment, severely compromising confidentiality, integrity, and availability of the affected systems. [1]

Detection Guidance

This vulnerability can be detected by checking if the Vasion Print Virtual Appliance Host or Application versions are below 22.0.1049 and 20.0.2786 respectively. Additionally, detection involves verifying if the private SSL key and matching public certificate for hostname 'pl-local.com' are stored in cleartext on the system. Commands to locate and inspect these files might include searching for SSL key files within the appliance container or host filesystem, for example using commands like 'find / -name "*.key"' or 'grep -r "pl-local.com" /path/to/certificate/dir'. However, specific commands are not detailed in the provided resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading the Vasion Print Virtual Appliance Host to version 22.0.1049 or later and the Application to version 20.0.2786 or later, as these versions address the vulnerability by removing the hardcoded SSL keys. Additionally, restricting container-level access to prevent unauthorized reading of private keys is critical. Vendor security bulletins provide further guidance on mitigation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart