CVE-2025-34199: CWE-295 Improper Certificate Validation in Vasion Print Virtual Appliance Host
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. In multiple places, the application sets libcurl/PHP transport options such that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are effectively disabled, and environment variables (for example API_*_VERIFYSSL=false) are used to turn off verification for gateway and microservice endpoints. As a result, the client accepts TLS connections without validating server certificates (and, in some cases, uses clear-text HTTP), permitting on-path attackers to perform man-in-the-middle (MitM) attacks. An attacker able to intercept network traffic between the product and printers or microservices can eavesdrop on and modify sensitive data (including print jobs, configuration, and authentication tokens), inject malicious payloads, or disrupt service. This vulnerability has been identified by the vendor as: V-2024-024 — Insecure Communication to Printers & Microservices.
AI Analysis
Technical Summary
CVE-2025-34199 is a critical vulnerability in Vasion Print Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786, affecting both VA and SaaS deployments. The root cause is improper certificate validation (CWE-295): insecure default configuration and coding practices disable TLS/SSL certificate verification for the appliance's outbound connections. Specifically, the application sets the libcurl/PHP transport options CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST so that neither the server certificate's chain of trust nor its hostname is checked, and environment variables of the form API_*_VERIFYSSL=false are used to turn off verification for gateway and microservice endpoints. The client therefore accepts any certificate presented to it, including a self-signed one generated by an attacker, and in some cases uses clear-text HTTP with no encryption at all. An attacker positioned on the network path between the appliance and a printer or internal microservice can read sensitive data in transit (print jobs, configuration, authentication tokens), modify it or inject malicious payloads, or disrupt service. No credentials or user interaction are required, but the attacker must be able to intercept that traffic (an on-path position). The CVSS 4.0 base score is 9.3, reflecting high confidentiality, integrity and availability impact with low attack complexity and no privileges required. No exploitation in the wild has been reported. The vendor tracks this issue as V-2024-024 and has published fixed versions (Virtual Appliance Host 22.0.1049 and Application 20.0.2786), which should be deployed promptly.
Until the fixed versions are deployed, organizations should enforce strict TLS verification, remove environment variable settings that disable it, and monitor network traffic for signs of MitM activity.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of print infrastructure and related services. Many enterprises and public sector entities rely heavily on centralized print management solutions like Vasion Print for document workflows. Exploitation could lead to leakage of sensitive documents, exposure of authentication credentials, and injection of malicious print jobs or commands that disrupt operations. This can affect compliance with data protection regulations such as GDPR, especially if sensitive personal or corporate data is intercepted or altered. The disruption of printing services can impact business continuity, particularly in sectors like healthcare, finance, and government where timely document processing is critical. Additionally, attackers could leverage this vulnerability as a foothold for lateral movement within internal networks by compromising microservices communicating with the appliance. The lack of authentication and user interaction requirements increases the likelihood of exploitation in environments where network segmentation or encryption is insufficient. Overall, the vulnerability undermines trust in secure communications within print environments and can facilitate broader cyberattacks against European organizations.
Mitigation Recommendations
1. Upgrade to the fixed versions: Vasion Print Virtual Appliance Host 22.0.1049 or later and Application 20.0.2786 or later. For SaaS deployments, confirm with the vendor that the hosted instance has been updated, since the customer cannot patch it directly.
2. Audit and remove any environment variables (e.g., API_*_VERIFYSSL=false) that disable SSL verification. Check .env files, service unit files and container definitions, not only the running process environment.
3. Enforce strict TLS certificate validation: CURLOPT_SSL_VERIFYPEER must be true and CURLOPT_SSL_VERIFYHOST must be 2 in every transport configuration (a value of 1 or true does not perform the hostname check on older libcurl builds). Where printers present self-signed certificates, add them or their issuing CA to the appliance's trust store (CURLOPT_CAINFO / CURLOPT_CAPATH) or pin them, rather than disabling verification.
4. Configure network segmentation to isolate print appliances and microservices from general user networks, reducing the number of hosts that can reach an on-path position.
5. Use network-level encryption such as IPsec or VPN tunnels between print appliances and printers/microservices to protect traffic even where application-level TLS is not enforced.
6. Monitor network traffic for anomalies indicative of MitM attacks, such as unexpected certificate changes on printer or microservice endpoints, new self-signed certificates, or unencrypted HTTP where TLS is expected.
7. Implement strong logging and alerting on print appliance communications to detect unauthorized modifications or disruptions.
8. Educate IT staff on the risks of disabling SSL verification and enforce secure coding and configuration practices for internal applications.
9. Consider deploying endpoint detection and response (EDR) solutions on print appliance hosts to detect exploitation attempts.
10. Review and update incident response plans to include scenarios involving print infrastructure compromise.
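The following Python auditor is an added example, not code from this page or from Vasion. It supports mitigation steps 2 and 3 and the configuration pattern described in the advisory: it scans PHP transport code for CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST values that disable verification or are decided at runtime, scans .env-style files for API_*_VERIFYSSL variables set to a falsy value and for clear-text http:// endpoints, and shows a fail-closed replacement for the "read the flag from the environment" idiom. The PHP and .env fragments it scans are constructed samples that mirror the patterns in the description; the hostnames, variable names and file contents are assumptions.

```python
"""Audit PHP transport code and .env files for the insecure TLS patterns
described in CVE-2025-34199: verification disabled through CURLOPT_SSL_VERIFY*
options or API_*_VERIFYSSL environment variables, and clear-text http:// URLs."""
import re
from typing import Dict, List, Optional

Finding = Dict[str, object]

# Constructed sample inputs (hypothetical; not taken from the Vasion code base).
SAMPLE_PHP = """<?php
$ch = curl_init("https://printer-01.corp.example/api/status");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);    // weak: any cert accepted
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);        // weak: hostname not checked
$verify = getenv('API_GATEWAY_VERIFYSSL') !== 'false';
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $verify);  // decided at runtime
$ch2 = curl_init("http://print-gateway.internal:8080/submit"); // clear-text
curl_setopt($ch2, CURLOPT_SSL_VERIFYPEER, true);    // corrected
curl_setopt($ch2, CURLOPT_SSL_VERIFYHOST, 2);       // corrected
"""

SAMPLE_ENV = """API_GATEWAY_VERIFYSSL=false
API_PRINTER_VERIFYSSL=False
API_AUTH_VERIFYSSL=true
GATEWAY_URL=http://print-gateway.internal:8080
"""

FALSY = {"false", "0", "no", "off", "null", ""}
TRUTHY = {"true", "1", "yes", "on"}

_SETOPT = re.compile(
    r"curl_setopt\s*\(\s*\$\w+\s*,\s*(CURLOPT_SSL_VERIFYPEER|CURLOPT_SSL_VERIFYHOST)"
    r"\s*,\s*(.+?)\s*\)\s*;",
    re.IGNORECASE,
)
_HTTP_URL = re.compile(r"""['"]http://[^'"]+['"]""")
_ENV_VERIFY = re.compile(r"^\s*(API_\w*_VERIFYSSL)\s*=\s*(.*?)\s*$")
_ENV_URL = re.compile(r"^\s*(\w+)\s*=\s*(http://\S+)\s*$")


def _classify_value(opt: str, raw: str) -> str:
    """Return 'ok', 'weak' or 'dynamic' for a literal passed to curl_setopt."""
    v = raw.strip().lower()
    if v in FALSY:
        return "weak"
    if opt == "CURLOPT_SSL_VERIFYPEER":
        return "ok" if v in TRUTHY else "dynamic"
    # VERIFYHOST: only 2 enforces the hostname match. 1/true is flagged because
    # older libcurl releases did not treat it as a hostname check.
    if v == "2":
        return "ok"
    if v in TRUTHY:
        return "weak"
    return "dynamic"


def audit_php(source: str) -> List[Finding]:
    """Flag curl_setopt calls that weaken verification and clear-text URLs."""
    findings: List[Finding] = []
    for n, line in enumerate(source.splitlines(), 1):
        for m in _SETOPT.finditer(line):
            opt, raw = m.group(1).upper(), m.group(2).strip()
            verdict = _classify_value(opt, raw)
            if verdict != "ok":
                findings.append({"line": n, "kind": opt, "value": raw, "verdict": verdict})
        url = _HTTP_URL.search(line)
        if url:
            findings.append({"line": n, "kind": "CLEARTEXT_HTTP", "value": url.group(0), "verdict": "weak"})
    return findings


def audit_env(text: str) -> List[Finding]:
    """Flag API_*_VERIFYSSL variables set to a falsy value and http:// endpoints."""
    findings: List[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _ENV_VERIFY.match(line)
        if m and m.group(2).strip("'\"").lower() in FALSY:
            findings.append({"line": n, "kind": m.group(1), "value": m.group(2), "verdict": "weak"})
        m = _ENV_URL.match(line)
        if m:
            findings.append({"line": n, "kind": "CLEARTEXT_HTTP", "value": m.group(2), "verdict": "weak"})
    return findings


def verify_from_env(value: Optional[str], production: bool = True) -> bool:
    """Fail-closed replacement for the getenv(...) !== 'false' idiom: unset or
    unrecognised values mean 'verify', and in production an explicit 'off' is
    refused instead of silently disabling certificate validation."""
    disabled = value is not None and value.strip().strip("'\"").lower() in FALSY
    if disabled and production:
        raise ValueError("TLS verification cannot be disabled in production")
    return not disabled


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings by verdict so a CI gate can fail on any 'weak' result."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[str(f["verdict"])] = counts.get(str(f["verdict"]), 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_php(SAMPLE_PHP) + audit_env(SAMPLE_ENV):
        print(f"line {f['line']}: {f['kind']} = {f['value']} [{f['verdict']}]")
```

Run it over real sources with `audit_php(open(path).read())` per file; any "weak" finding should fail the build, and every "dynamic" finding should be traced back to its input to confirm it cannot evaluate to false in a deployed configuration.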
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.570Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68cda6a24b8a032c4fac76f8
Added to database: 9/19/2025, 6:53:22 PM
Last enriched: 12/1/2025, 5:40:18 PM
Last updated: 12/20/2025, 2:30:53 AM