
CVE-2025-34230: CWE-306 Missing Authentication for Critical Function in Vasion Print Virtual Appliance Host

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-34230, cwe-306, cwe-918
Published: Mon Sep 29 2025 (09/29/2025, 20:40:39 UTC)
Source: CVE Database V5
Vendor/Project: Vasion
Product: Print Virtual Appliance Host

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable via the /var/www/app/console_release/hp/log_off_single_sign_on.php script that can be exploited by an unauthenticated user. When a printer is registered, the software stores the printer’s host name in the variable $printer_vo->str_host_address. The code later builds a URL like 'http://<host‑address>:80/DevMgmt/DiscoveryTree.xml' and sends the request with curl. No validation, whitelist, or private‑network filtering is performed before the request is made. Because the request is blind, an attacker cannot see the data directly, but can still: probe internal services, trigger internal actions, or gather other intelligence. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

AI-Powered Analysis

Last updated: 09/29/2025, 20:46:39 UTC

Technical Analysis

CVE-2025-34230 is a medium-severity vulnerability affecting the Vasion Print Virtual Appliance Host and Application (formerly PrinterLogic) in versions prior to 25.1.102 and 25.1.1413 respectively. The vulnerability is a blind server-side request forgery (SSRF) flaw caused by missing authentication controls on a critical function accessible via the /var/www/app/console_release/hp/log_off_single_sign_on.php script. An unauthenticated attacker can exploit this by registering a printer with a crafted hostname. The software stores this hostname in the variable $printer_vo->str_host_address and later constructs a URL such as 'http://<host-address>:80/DevMgmt/DiscoveryTree.xml' which it requests using curl without any validation, whitelisting, or filtering against private/internal network addresses. Because the SSRF is blind, the attacker cannot directly see the response data but can use the vulnerability to probe internal services, trigger internal actions, or gather intelligence about the internal network environment. This can facilitate further attacks such as internal network reconnaissance or pivoting. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) and CWE-918 (Server-Side Request Forgery). The CVSS 4.0 base score is 6.9, reflecting network attack vector, no privileges or user interaction required, and low to medium impact on confidentiality and integrity. Although a fix has been confirmed, the exact patch introduction date is unclear, and no public exploits are currently known. The vulnerability affects all versions prior to the fixed releases, indicating a broad exposure for deployments not yet updated.

Potential Impact

For European organizations using Vasion Print Virtual Appliance Host, this vulnerability poses a significant risk to internal network security. Since the appliance is often deployed in enterprise printing environments, exploitation could allow attackers to bypass perimeter defenses and access internal services that are otherwise inaccessible externally. This can lead to reconnaissance of sensitive internal infrastructure, potential triggering of unintended internal operations, and gathering of intelligence that could facilitate lateral movement or further compromise. Confidentiality and integrity of internal systems may be impacted, although availability impact is low. The unauthenticated nature of the vulnerability increases risk, as attackers do not need valid credentials or user interaction. Organizations in Europe relying on this product for print management, especially those with complex internal networks or sensitive internal services, could face increased risk of internal network exposure and subsequent attacks if patches are not applied promptly.

Mitigation Recommendations

European organizations should immediately verify their Vasion Print Virtual Appliance Host and Application versions and upgrade to at least version 25.1.102 for the appliance and 25.1.1413 for the application or later. If immediate patching is not feasible, network-level mitigations should be applied, including restricting outbound HTTP requests from the appliance to only trusted and necessary destinations, implementing strict egress filtering to prevent SSRF exploitation targeting internal IP ranges, and monitoring network traffic for unusual curl or HTTP request patterns originating from the appliance. Additionally, organizations should audit printer registration processes to detect anomalous hostnames and implement input validation or filtering on printer hostnames if possible. Enabling logging and alerting on suspicious internal requests triggered by the appliance can help detect exploitation attempts. Finally, segmenting the appliance network zone from critical internal services can limit the impact of SSRF attacks.
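As an added illustration of the hostname audit recommended above (not Vasion's code and not part of the original advisory), this Python example classifies stored printer host addresses by whether they would be safe to place into a URL of the form http://<host>:80/DevMgmt/DiscoveryTree.xml. The subnet 10.20.30.0/24, the sample host list, and the names classify_host, audit and resolve are assumptions made for the example.

```python
import ipaddress
import re

# Assumption: printers are expected only in this subnet (constructed value).
PRINTER_NETS = [ipaddress.ip_network("10.20.30.0/24")]
# Characters that would change how "http://<host>:80/..." is parsed.
URL_META = re.compile(r"[/@?#\\:%\s\[\]]")
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)
# Decimal or hex labels that some resolvers read as an IPv4 address.
NUMERIC = re.compile(r"^(0x[0-9a-f]*|\d+)$", re.I)


def classify_host(host, nets=PRINTER_NETS, resolve=None):
    """Return (verdict, reason) for one stored printer host address."""
    host = host.rstrip(".")
    if URL_META.search(host):
        return "reject", "URL metacharacter"
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        labels = host.split(".")
        if len(host) > 253 or not all(LABEL.match(l) for l in labels):
            return "reject", "not a valid hostname"
        if NUMERIC.match(labels[-1]):
            return "reject", "non-canonical numeric host"
        # resolve is an optional callable: hostname -> list of IP strings.
        addrs = [ipaddress.ip_address(a) for a in resolve(host)] if resolve else []
        if not addrs:
            return "review", "hostname not resolved"
    for addr in addrs:  # every resolved address must pass
        if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
            return "reject", f"{addr} is loopback/link-local"
        if not any(addr in net for net in nets):
            return "reject", f"{addr} outside printer subnets"
    return "allow", "inside printer subnets"


def audit(hosts, **kw):
    """Return {host: (verdict, reason)} for every entry that is not allowed."""
    verdicts = {h: classify_host(h, **kw) for h in hosts}
    return {h: v for h, v in verdicts.items() if v[0] != "allow"}


# Constructed sample of registered host addresses, not taken from a real system.
SAMPLE_HOSTS = ["10.20.30.17", "hp-lj-3f.print.example", "169.254.169.254",
                "2130706433", "10.20.30.17/path"]
```

A check at audit time does not pin the address the appliance later connects to, so the egress filtering recommended above is still needed alongside it.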


Technical Details

Data Version: 5.1
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.574Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68daefb64b0d68cddf56c618

Added to database: 9/29/2025, 8:44:38 PM

Last enriched: 9/29/2025, 8:46:39 PM

Last updated: 9/29/2025, 8:46:39 PM
