CVE-2025-34199

Name: CVE-2025-34199
Creator: NVD / NIST
Published: 2025-09-19T19:15:40.58+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.3/10EPSS 0.51%

Last modified Jun 17, 2026

CVE-2025-34199 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. In multiple places, the application sets libcurl/PHP transport options such that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are effectively disabled, and environment variables (for example API_*_VERIFYSSL=false) are used to turn off verification for gateway and microservice endpoints. EPSS estimates a 0.51% chance of exploitation in the next 30 days.

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. In multiple places, the application sets libcurl/PHP transport options such that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are effectively disabled, and environment variables (for example API_*_VERIFYSSL=false) are used to turn off verification for gateway and microservice endpoints. As a result, the client accepts TLS connections without validating server certificates (and, in some cases, uses clear-text HTTP), permitting on-path attackers to perform man-in-the-middle (MitM) attacks. An attacker able to intercept network traffic between the product and printers or microservices can eavesdrop on and modify sensitive data (including print jobs, configuration, and authentication tokens), inject malicious payloads, or disrupt service. This vulnerability has been identified by the vendor as: V-2024-024 — Insecure Communication to Printers & Microservices.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

9.3/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.51%

39.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Vasion	Virtual Appliance Application	< 20.0.2786
Vasion	Virtual Appliance Host	< 22.0.1049

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htmVendor Advisory
https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htmVendor Advisory
https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-communicationsExploit, Third Party Advisory
https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-ssl-verification-allows-mitm-attacksThird Party Advisory

Timeline

Published: Sep 19, 2025
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-34199?

How severe is CVE-2025-34199?

CVE-2025-34199 has a CVSS score of 9.3/10 (CRITICAL severity). The EPSS model estimates a 0.51% probability of exploitation in the next 30 days.

How do I fix CVE-2025-34199?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-34199?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST