216.73.217.80

CVE-2025-34233

· Published 29/09/2025 21:15 · Modified 29/09/2025 21:15

Labels: CVE-2025-34233 2025-09-29CVE-2025-34233CWE-918[email protected]

Essential information

Published
29/09/2025 21:15
Modified
29/09/2025 21:15
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname (or similar callback field), the value is passed unchecked to PHP’s file_get_contents()/cURL functions, which follow redirects and impose no allow‑list, scheme, or IP‑range restrictions. An admin‑level attacker can therefore point the hostname to a malicious web server that issues a 301 redirect to internal endpoints such as the AWS EC2 metadata service. The server follows the redirect, retrieves the metadata, and returns or stores the credentials, enabling the attacker to steal cloud IAM keys, enumerate internal services, and pivot further into the SaaS infrastructure. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
vasion print / virtual appliance host cpe:2.3:a:vasion_print:virtual_appliance_host:<25.1.102:*:*:*:*:*:*:*
vasion print / application cpe:2.3:a:vasion_print:application:<25.1.1413:*:*:*:*:*:*:*

References