CVE-2025-34230 is a server-side request forgery (SSRF) vulnerability affecting Vasion Print Virtual Appliance Host prior to version 25.1.102 and Application prior to 25.1.1413 in VA/SaaS deployments. The vulnerability exists in the /var/www/app/console_release/hp/log_off_single_sign_on.php script, which can be accessed without authentication. When a printer is registered, the software stores the printer’s host name in the variable $printer_vo->str_host_address. Later, the application constructs a URL in the form 'http://<host-address>:80/DevMgmt/DiscoveryTree.xml' and issues a curl request to this URL without validating or filtering the host address. This lack of validation means an attacker can supply arbitrary hostnames, including internal IP addresses or hostnames, causing the server to make requests to internal network resources. Because the SSRF is blind, the attacker does not receive the response data directly but can infer information by observing side effects such as timing, error messages, or triggered internal actions. The vulnerability is categorized under CWE-306 (Missing Authentication for Critical Function) and CWE-918 (Server-Side Request Forgery). The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network attack vector, no required privileges or user interaction, and limited confidentiality and integrity impact. No public exploits are known, and the patch introduction date is unclear, though the vulnerability has been confirmed fixed in later versions.

For European organizations, this vulnerability poses a risk of internal network reconnaissance and potential indirect attacks. Attackers can leverage the SSRF to probe internal services that are otherwise inaccessible from the internet, potentially discovering sensitive infrastructure such as internal management consoles, databases, or other critical systems. This can lead to further exploitation or lateral movement within the network. The lack of authentication means any unauthenticated attacker can attempt exploitation, increasing exposure. Although the SSRF is blind and does not directly disclose data, it can be used to trigger internal actions or gather intelligence that aids in more targeted attacks. Organizations relying on Vasion Print Virtual Appliance Host for enterprise printing management, especially those with complex internal networks, may face increased risk of internal network mapping and indirect compromise. The impact on confidentiality and integrity is limited but non-negligible, while availability impact is minimal. The vulnerability could also be leveraged in multi-stage attacks targeting critical infrastructure or sensitive data within European enterprises.

1. Upgrade Vasion Print Virtual Appliance Host to version 25.1.102 or later and Application to version 25.1.1413 or later, where the vulnerability has been remediated. 2. If immediate upgrade is not possible, implement network-level controls to restrict outbound HTTP requests from the appliance to only trusted and necessary destinations, preventing arbitrary internal network access. 3. Apply strict input validation and whitelist filtering on any user-controllable parameters that influence network requests, ensuring only legitimate hostnames or IP addresses are accepted. 4. Monitor logs for unusual or unexpected outbound requests originating from the appliance, which may indicate exploitation attempts. 5. Segment the network to isolate printing infrastructure from sensitive internal systems, limiting the potential impact of SSRF exploitation. 6. Employ web application firewalls (WAFs) or intrusion detection systems (IDS) capable of detecting SSRF patterns targeting the vulnerable script. 7. Conduct internal penetration testing and vulnerability assessments focusing on SSRF and related network access controls to identify residual risks.