CVE-2025-34228
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vasion | virtual_appliance_application | to 25.1.1413 (exc) |
| vasion | virtual_appliance_host | to 25.1.102 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application prior to certain versions. An unauthenticated PHP script accessible from the internet builds URLs from user input and makes requests without proper validation. This allows a remote attacker to make the server send requests to internal network resources, potentially enabling internal network reconnaissance, pivoting, or data exfiltration. [1]
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to access internal network resources by making the vulnerable server send unauthorized requests. This can lead to internal network reconnaissance, which may expose sensitive information, enable attackers to pivot to other systems within the network, or exfiltrate data, thereby compromising confidentiality and potentially other security aspects. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking if the vulnerable PHP script `/var/www/app/console_release/lexmark/update.php` is accessible from the internet without authentication. You can use tools like curl or wget to test access, for example: `curl -I http://<target-ip>/console_release/lexmark/update.php` to see if the endpoint responds. Additionally, monitoring network traffic for unusual outbound requests originating from the server to internal resources may indicate exploitation attempts. Since the vulnerability involves SSRF via user-controlled URLs, inspecting web server logs for requests to this script with suspicious parameters can help detect exploitation. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting external access to the vulnerable PHP script `/var/www/app/console_release/lexmark/update.php` by implementing network-level controls such as firewall rules or web application firewall (WAF) rules to block unauthenticated access. If possible, disable or restrict the script until a vendor patch is applied. Applying the vendor's confirmed remediation by upgrading to versions 25.1.102 or later for the Virtual Appliance Host and 25.1.1413 or later for the Application is the definitive fix. Additionally, monitor for suspicious activity and consider isolating the affected system from sensitive internal networks to prevent potential pivoting or data exfiltration. [1]