CVE-2025-34192 concerns the use of an unmaintained third-party component, OpenSSL 1.0.2h-fips, in Vasion Print Virtual Appliance Host and Application versions prior to specified releases. OpenSSL 1.0.2h-fips reached end-of-life in 2019, meaning it no longer receives security updates or patches. Continued use exposes the product to known cryptographic vulnerabilities that could be exploited to compromise TLS/SSL processing or cryptographic operations. The vendor has acknowledged this vulnerability as V-2023-021 and has released patches to update the OpenSSL library. The affected product is delivered as a cloud service, and the vendor manages patching and remediation for this environment. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability.

The use of an outdated OpenSSL library with known unpatched vulnerabilities weakens the cryptographic security of the affected Vasion Print Virtual Appliance Host and Application deployments. This may allow attackers to exploit weaknesses in TLS/SSL or cryptographic operations, potentially leading to compromise of confidentiality, integrity, and availability of communications and data. The CVSS score of 9.3 (critical) reflects the high severity of this risk. However, there are no known exploits in the wild at this time.

A patch is available from the vendor to update the OpenSSL library to a supported version. Since this is a cloud-hosted service, the vendor manages remediation and patch deployment on their side. Users should verify with Vasion that their environment is running a patched version (22.0.893 or later for the Virtual Appliance Host, 20.0.2140 or later for macOS/Linux clients). No additional user action is required if the vendor confirms the environment is up to date.