CVE-2025-34221
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-09

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no authentication, ACL or client‑side identifier is required, the attacker can interact with any internal API, bypassing the product’s authentication mechanisms entirely. The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution. This vulnerability has been identified by the vendor as: V-2025-002 — Authentication Bypass - Docker Instances.
Meta Information
Published: 2025-09-29
Last Modified: 2025-10-09
Generated: 2026-05-07
AI Q&A: 2025-09-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor    Product                          Version / Range
vasion    virtual_appliance_application    to 25.2.1518 (exc)
vasion    virtual_appliance_host           to 25.2.169 (exc)
CWE
CWE ID: CWE-306
Description: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-34221 is a critical vulnerability in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application versions prior to 25.2.169 and 25.2.1518 respectively. It allows unrestricted network access to the internal Docker bridge network because firewall rules do not restrict traffic. No authentication or access control is required, so an attacker can bypass authentication mechanisms and interact with internal APIs. This leads to unauthenticated remote access to internal services, enabling credential theft, configuration changes, and potentially remote code execution. [1]


How can this vulnerability impact me?

This vulnerability can have severe impacts including unauthorized remote access to internal services, theft of credentials, manipulation of system configurations, and potentially remote code execution. Because an attacker can bypass authentication entirely and access critical internal APIs, it compromises confidentiality, integrity, and availability of the affected system, potentially leading to full system compromise. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking if your Vasion Print (formerly PrinterLogic) Virtual Appliance Host is running a version prior to 25.2.169 or the Application prior to 25.2.1518, and verifying if the Docker bridge network is exposed without firewall restrictions. You can use network scanning tools like nmap to detect open Docker bridge network ports. For example, running 'nmap -p <docker-bridge-ports> <target-ip>' can help identify exposed Docker services. Additionally, inspecting firewall rules to confirm if traffic to the Docker bridge network is unrestricted is recommended. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading the Vasion Print Virtual Appliance Host to version 25.2.169 or later and the Application to version 25.2.1518 or later. Additionally, restrict network access to the Docker bridge network by implementing proper firewall rules to block unauthorized traffic. Ensuring authentication and access controls are in place to prevent unauthenticated access to internal Docker container APIs is critical. [1]
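
The firewall inspection suggested in the detection and mitigation answers above can be scripted. The following is an added example, not code from the advisory or the vendor: it scans `iptables-save` output for FORWARD-chain rules that accept traffic to the Docker bridge from any source. The interface name `docker0` and subnet `172.17.0.0/16` are Docker's defaults and are assumptions here (the appliance's actual values may differ), and the sample ruleset is constructed.

```python
import ipaddress
import shlex

# Assumptions: Docker's default bridge interface and subnet; adjust to the host.
BRIDGE_IF = "docker0"
BRIDGE_NET = ipaddress.ip_network("172.17.0.0/16")

# Constructed sample of `iptables-save` output (not from a real appliance).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -o docker0 -j ACCEPT
-A FORWARD -s 10.0.5.0/24 -d 172.17.0.0/16 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -d 172.17.0.3/32 -p tcp --dport 8080 -j ACCEPT
-A FORWARD -d 192.168.1.0/24 -j ACCEPT
COMMIT
"""

def _opts(tokens):
    """Map the single-value options we care about to their values.
    Limitation: negated matches ('!') are not interpreted."""
    wanted = {"-s", "-d", "-i", "-o", "-j"}
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in wanted}

def targets_bridge(o):
    """True if the rule forwards out the bridge interface or into its subnet."""
    if o.get("-o") == BRIDGE_IF:
        return True
    dst = o.get("-d")
    return bool(dst) and ipaddress.ip_network(dst, strict=False).overlaps(BRIDGE_NET)

def is_unrestricted(o):
    """True if the rule limits neither the source address nor the inbound interface."""
    src = ipaddress.ip_network(o.get("-s", "0.0.0.0/0"), strict=False)
    return src.prefixlen == 0 and "-i" not in o

def audit(ruleset):
    """Return the FORWARD policy/rules that let any source reach the bridge."""
    findings = []
    for line in ruleset.splitlines():
        if line.startswith(":FORWARD ACCEPT"):
            findings.append("FORWARD default policy is ACCEPT")
        if not line.startswith("-A FORWARD "):
            continue
        o = _opts(shlex.split(line))
        if o.get("-j") == "ACCEPT" and targets_bridge(o) and is_unrestricted(o):
            findings.append(line)
    return findings
```

On a real host, pass the text of `iptables-save` to `audit()`; rules in other chains or an nftables ruleset are outside what this sketch checks.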

