CVE-2025-34233
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-09

Assigner: VulnCheck

Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname (or similar callback field), the value is passed unchecked to PHP’s file_get_contents()/cURL functions, which follow redirects and impose no allow‑list, scheme, or IP‑range restrictions. An admin‑level attacker can therefore point the hostname to a malicious web server that issues a 301 redirect to internal endpoints such as the AWS EC2 metadata service. The server follows the redirect, retrieves the metadata, and returns or stores the credentials, enabling the attacker to steal cloud IAM keys, enumerate internal services, and pivot further into the SaaS infrastructure. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-29
Last Modified
2025-10-09
Generated
2026-05-27
AI Q&A
2025-09-29
EPSS Evaluated
2026-05-25
NVD
CVE-2025-34233
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vasion virtual_appliance_application to 25.1.1413 (exc)
vasion virtual_appliance_host to 25.1.102 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Vasion Print (formerly PrinterLogic) involves improper handling of administrator-configured printer hostnames in the file_get_contents() PHP function. When an admin sets a printer's hostname, the value is not properly validated and is passed unchecked to file_get_contents() or cURL functions, which follow redirects without restrictions. An attacker with admin privileges can exploit this by pointing the hostname to a malicious server that redirects to internal endpoints like the AWS EC2 metadata service. The server then retrieves sensitive metadata, such as cloud IAM keys, allowing the attacker to steal credentials, enumerate internal services, and further compromise the SaaS infrastructure. [1]


How can this vulnerability impact me? :

This vulnerability can lead to severe impacts including theft of cloud IAM credentials, unauthorized enumeration of internal services, and further compromise of the SaaS infrastructure. An attacker with admin privileges can exploit this to pivot deeper into the environment, potentially gaining extensive access and control over cloud resources and sensitive data. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Vasion Print (formerly PrinterLogic) Virtual Appliance Host to version 25.1.102 or later, and the Application to version 25.1.1413 or later, as these versions contain the confirmed remediation. Additionally, avoid configuring printer hostnames or callback fields with untrusted or external URLs to prevent exploitation via server-side request forgery. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart