10
CVE-2025-34216 - Vasion Print (formerly PrinterLogic) RCE and Password Leaks via API
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration files and clear‑text passwords. The same endpoints also disclose the L…
8.5
CVE-2025-34233 - Vasion Print (formerly PrinterLogic) Insecure Use of file_get_contents()
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname …
7.9
CVE-2025-34207 - Vasion Print (formerly PrinterLogic) Insecure SSH Client Configuration
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following options: `UserKnownHostsFile=/dev/null`, `StrictHostKeyChecking=no`, and `ForwardAgent yes`…
10
CVE-2025-34223 - Vasion Print (formerly PrinterLogic) Insecure Installation Credentials
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can be accessed without authentication…
8.7
CVE-2025-34212 - Vasion Print (formerly PrinterLogic) Insecure Build Pipeline
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature…
9.3
CVE-2025-34211 - Vasion Print (formerly PrinterLogic) Hardcoded SSL Certificate and Private Keys
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching public certificate stored in cleartext. The key belongs to the hostname `pl‑local.com` and is used by th…
9.4
CVE-2025-34209 - Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account *no‑reply+virtual‑[email protected]*. The key is stored in cleartext and …
9.2
CVE-2025-34234 - Vasion Print (formerly PrinterLogic) Hardcoded Encryption Private Keys
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in the application containers (printerlogic/pi, printerlogic/printer-admin-api, and printercloud…
10
CVE-2025-34218 - Vasion Print (formerly PrinterLogic) Exposed Internal Docker Instance
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container…
6.9
CVE-2025-34232 - Vasion Print (formerly PrinterLogic) Blind SSRF via Lexmark dellCheck.php
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/lexmark/dellCheck.php script that ca…