{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-34221", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.574Z", "datePublished": "2025-09-29T20:43:36.637Z", "dateUpdated": "2025-09-30T15:13:36.287Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Underlying Docker bridge network (172.17.0.0/16)"], "product": "Print Virtual Appliance Host", "vendor": "Vasion", "versions": [{"lessThan": "25.2.169", "status": "affected", "version": "*", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["Underlying Docker bridge network (172.17.0.0/16)"], "product": "Print Application", "vendor": "Vasion", "versions": [{"lessThan": "25.2.1518", "status": "affected", "version": "*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pierre Barre"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169&nbsp;and Application prior to version 25.2.1518&nbsp;(VA/SaaS deployments)&nbsp;expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network.&nbsp;Because no authentication, ACL or client\u2011side identifier<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;is required, the attacker can interact with any internal API, bypassing the product\u2019s authentication mechanisms entirely.&nbsp;The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution.&nbsp;</span>This vulnerability has been identified by the vendor as: V-2025-002 \u2014 Authentication Bypass - Docker Instances.<br>"}], "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169\u00a0and Application prior to version 25.2.1518\u00a0(VA/SaaS deployments)\u00a0expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network.\u00a0Because no authentication, ACL or client\u2011side identifier\u00a0is required, the attacker can interact with any internal API, bypassing the product\u2019s authentication mechanisms entirely.\u00a0The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution.\u00a0This vulnerability has been identified by the vendor as: V-2025-002 \u2014 Authentication Bypass - Docker Instances."}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-09-29T20:43:36.637Z"}, "references": [{"tags": ["technical-description"], "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass"}, {"tags": ["vendor-advisory", "patch"], "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"}, {"tags": ["vendor-advisory", "patch"], "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-unrestriced-access-to-docker-bridge-network"}], "source": {"discovery": "INTERNAL"}, "title": "Vasion Print (formerly PrinterLogic)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-30T15:13:23.310817Z", "id": "CVE-2025-34221", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:13:36.287Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34221", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-30T15:13:23.310817Z"}}}], "references": [{"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:13:32.568Z"}}], "cna": {"title": "Vasion Print (formerly PrinterLogic)", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Pierre Barre"}], "impacts": [{"capecId": "CAPEC-1", "descriptions": [{"lang": "en", "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Vasion", "modules": ["Underlying Docker bridge network (172.17.0.0/16)"], "product": "Print Virtual Appliance Host", "versions": [{"status": "affected", "version": "*", "lessThan": "25.2.169", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Vasion", "modules": ["Underlying Docker bridge network (172.17.0.0/16)"], "product": "Print Application", "versions": [{"status": "affected", "version": "*", "lessThan": "25.2.1518", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass", "tags": ["technical-description"]}, {"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm", "tags": ["vendor-advisory", "patch"]}, {"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm", "tags": ["vendor-advisory", "patch"]}, {"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-unrestriced-access-to-docker-bridge-network", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169\u00a0and Application prior to version 25.2.1518\u00a0(VA/SaaS deployments)\u00a0expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network.\u00a0Because no authentication, ACL or client\u2011side identifier\u00a0is required, the attacker can interact with any internal API, bypassing the product\u2019s authentication mechanisms entirely.\u00a0The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution.\u00a0This vulnerability has been identified by the vendor as: V-2025-002 \u2014 Authentication Bypass - Docker Instances.", "supportingMedia": [{"type": "text/html", "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169&nbsp;and Application prior to version 25.2.1518&nbsp;(VA/SaaS deployments)&nbsp;expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network.&nbsp;Because no authentication, ACL or client\u2011side identifier<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;is required, the attacker can interact with any internal API, bypassing the product\u2019s authentication mechanisms entirely.&nbsp;The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution.&nbsp;</span>This vulnerability has been identified by the vendor as: V-2025-002 \u2014 Authentication Bypass - Docker Instances.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-09-29T20:43:36.637Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34221", "state": "PUBLISHED", "dateUpdated": "2025-09-30T15:13:36.287Z", "dateReserved": "2025-04-15T19:15:22.574Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-09-29T20:43:36.637Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vasion:virtual_appliance_application:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCFB28D0-C369-4D58-9B28-53EB008E7F81", "versionEndExcluding": "25.2.1518", "vulnerable": true}, {"criteria": "cpe:2.3:a:vasion:virtual_appliance_host:*:*:*:*:*:*:*:*", "matchCriteriaId": "29D5DC78-608D-4BA5-B4F9-CE7A092F1E2F", "versionEndExcluding": "25.2.169", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169\u00a0and Application prior to version 25.2.1518\u00a0(VA/SaaS deployments)\u00a0expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network.\u00a0Because no authentication, ACL or client\u2011side identifier\u00a0is required, the attacker can interact with any internal API, bypassing the product\u2019s authentication mechanisms entirely.\u00a0The result is unauthenticated remote access to internal services, allowing credential theft, configuration manipulation and potential remote code execution.\u00a0This vulnerability has been identified by the vendor as: V-2025-002 \u2014 Authentication Bypass - Docker Instances."}], "id": "CVE-2025-34221", "lastModified": "2025-10-09T18:11:54.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-09-29T21:15:35.740", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-unrestriced-access-to-docker-bridge-network"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-auth-bypass"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"created": "2025-09-30T08:47:43.439858+00:00", "updated": "2025-09-30T08:47:43.439933+00:00", "vendors": ["vasion", "vasion$PRODUCT$virtual_appliance_application", "vasion$PRODUCT$virtual_appliance_host"]}