CVE-2025-34230 is a server-side request forgery (SSRF) vulnerability affecting Vasion Print Virtual Appliance Host prior to version 25.1.102 and Application prior to 25.1.1413 in VA/SaaS deployments. The vulnerability exists in the /var/www/app/console_release/hp/log_off_single_sign_on.php script, which is accessible without authentication. When a printer is registered, its hostname is stored in the variable $printer_vo->str_host_address. Subsequently, the application constructs a URL in the form 'http://<host-address>:80/DevMgmt/DiscoveryTree.xml' and issues a curl request to this URL without any validation, whitelisting, or filtering to prevent requests to private or internal networks. This lack of input validation and missing authentication (CWE-306) allows an unauthenticated attacker to induce the server to make arbitrary HTTP requests to internal or external systems, effectively enabling blind SSRF (CWE-918). Although the attacker cannot directly view the response, they can use this technique to probe internal services, trigger internal actions, or gather intelligence about the internal network environment. The vulnerability has been confirmed as remediated, but the exact patch release date is unclear. The CVSS 4.0 base score is 6.9, reflecting network attack vector, no privileges or user interaction required, and low to medium impact on confidentiality and integrity. No known exploits have been reported in the wild to date.

For European organizations, this vulnerability poses a risk of internal network reconnaissance and indirect exploitation through blind SSRF. Attackers can leverage the vulnerability to map internal services, potentially identifying further exploitable targets or sensitive internal endpoints. This could lead to lateral movement within the network or triggering unintended internal actions, impacting operational integrity. Organizations relying on Vasion Print appliances for centralized print management in enterprise or critical infrastructure environments may face increased risk of information leakage and disruption. The unauthenticated nature of the vulnerability increases its attractiveness to remote attackers. While direct data exfiltration is limited due to the blind nature of the SSRF, the intelligence gathered can facilitate more sophisticated attacks. The impact is heightened in environments where network segmentation is weak or where internal services lack robust authentication and access controls.

1. Apply the latest patches from Vasion as soon as they are available and verify that the appliance is updated to version 25.1.102 or later, and the application to 25.1.1413 or later. 2. Restrict network access to the Vasion Print Virtual Appliance Host to trusted management networks only, using firewall rules and network segmentation to limit exposure. 3. Implement network-level SSRF protections such as egress filtering to block unauthorized outbound HTTP requests from the appliance to internal or sensitive network segments. 4. Monitor logs for unusual or unexpected outbound requests originating from the appliance, especially to internal IP ranges or uncommon ports. 5. Conduct internal network scans and audits to identify and secure any services that could be targeted via SSRF. 6. Enforce strict input validation and authentication controls on all management interfaces and scripts, ensuring critical functions require proper authorization. 7. Consider deploying web application firewalls (WAFs) with SSRF detection capabilities to detect and block suspicious request patterns.