CVE-2025-34220: CWE-306 Missing Authentication for Critical Function in Vasion Print Virtual Appliance Host

Severity: Medium
Tags: Vulnerability, CVE-2025-34220, cve, cve-2025-34220, cwe-306, cwe-200
Published: Mon Sep 29 2025 (09/29/2025, 20:42:17 UTC)
Source: CVE Database V5
Vendor/Project: Vasion
Product: Print Virtual Appliance Host

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to https://<tenant>.printercloud10.com/api-gateway/identity/search-groups and adjustments to the `Host` header allow an unauthenticated remote attacker to enumerate every group object stored for that tenant. The response includes internal identifiers (group ID, source service ID, Azure AD object IDs, creation timestamps, and tenant IDs). This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

AI-Powered Analysis

AI analysis last updated: 09/29/2025, 20:47:02 UTC

Technical Analysis

CVE-2025-34220 is a medium-severity vulnerability affecting Vasion Print Virtual Appliance Host (formerly PrinterLogic) versions prior to 25.1.102 and Application versions prior to 25.1.1413 in VA/SaaS deployments. The vulnerability stems from a missing authentication control on the /api-gateway/identity/search-groups endpoint. This endpoint can be accessed remotely without any authentication, allowing an unauthenticated attacker to enumerate all group objects associated with a specific tenant. By sending crafted requests to https://<tenant>.printercloud10.com/api-gateway/identity/search-groups and manipulating the Host header, the attacker can retrieve sensitive internal identifiers such as group IDs, source service IDs, Azure Active Directory object IDs, creation timestamps, and tenant IDs. These details can be leveraged for further reconnaissance or targeted attacks against the tenant's environment. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and CWE-200 (Information Exposure). Although the vendor has confirmed remediation, the exact patch introduction date is unclear. The CVSS v4.0 base score is 6.9, reflecting a network-exploitable vulnerability with no authentication or user interaction required, but with limited impact confined to information disclosure without direct integrity or availability compromise.

Potential Impact

For European organizations using Vasion Print Virtual Appliance Host or its SaaS application, this vulnerability poses a significant risk of information leakage. The exposure of internal group identifiers and Azure AD object IDs can facilitate targeted phishing, privilege escalation, or lateral movement within the organization's network. Attackers can map the tenant's group structure and potentially correlate this data with other leaked information to identify high-value targets or privileged accounts. While the vulnerability does not directly allow modification or disruption of services, the confidentiality breach can undermine organizational security posture and compliance with data protection regulations like GDPR. Additionally, the exposure of tenant IDs and timestamps could aid in timing attacks or social engineering campaigns. Given the widespread use of Azure AD in European enterprises, the impact is amplified in environments relying heavily on cloud identity services integrated with Vasion Print. The lack of authentication requirement increases the attack surface, enabling remote exploitation without prior access or user interaction.

Mitigation Recommendations

Organizations should immediately verify their Vasion Print Virtual Appliance Host and SaaS application versions and upgrade to versions 25.1.102 or later for the appliance and 25.1.1413 or later for the application to ensure the vulnerability is patched. In the absence of immediate patching, network-level controls should be implemented to restrict access to the /api-gateway/identity/search-groups endpoint, such as firewall rules or API gateway policies limiting requests to trusted IP ranges or authenticated users only. Monitoring and logging of access to this endpoint should be enhanced to detect anomalous or unauthorized queries. Additionally, organizations should review and tighten Azure AD group permissions and audit group membership changes to minimize the impact of potential enumeration. Employing Web Application Firewalls (WAF) with custom rules to block unauthenticated requests to sensitive API endpoints can provide a temporary protective layer. Finally, security teams should conduct threat hunting exercises to identify any prior exploitation attempts and update incident response plans to address potential information disclosure scenarios related to this vulnerability.
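The monitoring and threat-hunting steps above can be sketched as a log review. This is an added example, not vendor or advisory code; it assumes a reverse proxy in front of the appliance writes JSON-lines access logs with the hypothetical fields `ts`, `src`, `host`, `uri`, `status` and `auth` (whether the request carried a valid session), and the tenant hostname and log lines are constructed placeholders.

```python
import json
from collections import defaultdict
from urllib.parse import unquote, urlsplit

ENDPOINT = "/api-gateway/identity/search-groups"        # path named in the advisory
EXPECTED_HOSTS = {"example-tenant.printercloud10.com"}  # placeholder tenant host

# Constructed sample lines in the assumed JSON-lines proxy log schema.
SAMPLE_LOG = """\
{"ts":"2025-09-30T10:00:01Z","src":"192.0.2.10","host":"example-tenant.printercloud10.com","uri":"/api-gateway/identity/search-groups?q=a","status":200,"auth":true}
{"ts":"2025-09-30T10:00:05Z","src":"198.51.100.7","host":"example-tenant.printercloud10.com","uri":"/api-gateway/identity/search-groups","status":200,"auth":false}
{"ts":"2025-09-30T10:00:06Z","src":"198.51.100.7","host":"other-tenant.printercloud10.com","uri":"/api-gateway/identity/Search-Groups/","status":200,"auth":false}
{"ts":"2025-09-30T10:00:09Z","src":"203.0.113.4","host":"example-tenant.printercloud10.com","uri":"/api-gateway/identity/search-groups","status":401,"auth":false}
{"ts":"2025-09-30T10:00:11Z","src":"192.0.2.10","host":"example-tenant.printercloud10.com","uri":"/api-gateway/print/jobs","status":200,"auth":true}
not-json garbage line
"""

def normalize_path(uri):
    # Drop the query string, percent-decode, and ignore case and a trailing
    # slash: deliberately loose so path variants are not missed.
    return unquote(urlsplit(str(uri)).path).lower().rstrip("/")

def classify(event):
    # Return the findings for one log event; an empty list means nothing to report.
    if normalize_path(event.get("uri", "")) != ENDPOINT:
        return []
    findings = []
    status = event.get("status")
    if not event.get("auth") and isinstance(status, int) and 200 <= status < 300:
        findings.append("unauthenticated_success")
    if str(event.get("host", "")).lower().split(":")[0] not in EXPECTED_HOSTS:
        findings.append("unexpected_host_header")
    return findings

def hunt(log_text):
    # Group findings by source address and count lines that could not be parsed.
    by_source, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            skipped += 1
            continue
        for finding in classify(event):
            by_source[event.get("src", "unknown")].append((event.get("ts"), finding))
    return dict(by_source), skipped

if __name__ == "__main__":
    print(hunt(SAMPLE_LOG))
```

On a patched system an unauthenticated request to this path should no longer succeed, so any `unauthenticated_success` finding dated after the upgrade indicates the fix is not in effect on that host.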

Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.574Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68daefb54b0d68cddf56c5de

Added to database: 9/29/2025, 8:44:37 PM

Last enriched: 9/29/2025, 8:47:02 PM

Last updated: 10/2/2025, 12:10:59 AM
