CVE-2025-34225
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 25.1.1413 (exc) |
| vasion | virtual_appliance_host | to 25.1.102 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a server-side request forgery (SSRF) in Vasion Print Virtual Appliance Host and Application prior to certain versions. The 'console_release' directory is accessible from the internet without authentication and contains PHP scripts that build URLs from user input and then make requests without proper validation. This allows an attacker to supply a hostname and cause the server to make requests to internal network resources, potentially enabling internal network reconnaissance, pivoting, or data exfiltration.
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to make the server send requests to internal network resources, which can lead to internal network reconnaissance, unauthorized access to internal systems, potential lateral movement within the network, and data exfiltration. Because the endpoint is unauthenticated, any remote attacker can exploit this without credentials.