CVE-2025-34232 is a server-side request forgery (SSRF) vulnerability affecting Vasion Print Virtual Appliance Host (formerly PrinterLogic) prior to version 25.1.102 and its Application prior to version 25.1.1413 in VA/SaaS deployments. The vulnerability exists in the /var/www/app/console_release/lexmark/dellCheck.php script, which is accessible without authentication. When a printer is registered, the software stores the printer’s hostname in the variable $printer_vo->str_host_address. Later, the application constructs a URL in the form 'http://<host-address>:80/DevMgmt/DiscoveryTree.xml' and issues a curl request to this URL without validating or filtering the hostname input. This lack of validation and absence of whitelist or private network filtering allows an attacker to supply arbitrary hostnames, including internal IP addresses or services, causing the server to make blind HTTP requests on the attacker’s behalf. Although the attacker cannot directly view the response (blind SSRF), they can use this to probe internal network services, trigger internal actions, or gather intelligence about the internal environment. The vulnerability stems from missing authentication controls on a critical function (CWE-306) and the SSRF nature (CWE-918). The CVSS 4.0 base score is 6.9 (medium severity), reflecting that the attack requires no privileges or user interaction, is network accessible, and impacts confidentiality and integrity to a limited extent. No public exploits have been reported, and while a patch is confirmed, the exact patch introduction date is unclear. This vulnerability poses a risk primarily to organizations using vulnerable versions of Vasion Print appliances, especially in environments where internal network services are sensitive or exposed.

For European organizations, this SSRF vulnerability can lead to unauthorized internal network reconnaissance and potential triggering of internal service actions, which may facilitate further attacks such as lateral movement or data exfiltration. Although the SSRF is blind and does not directly expose data, it can be leveraged to map internal infrastructure or exploit other vulnerabilities in internal services. Enterprises relying on Vasion Print Virtual Appliance Host for centralized print management may face increased risk of internal network compromise. This is particularly critical for organizations with sensitive internal services exposed on the same network segment as the appliance. The lack of authentication on the vulnerable endpoint increases the attack surface, allowing external attackers to exploit the vulnerability without credentials. The impact on confidentiality and integrity is limited but non-negligible, as attackers can indirectly influence internal network behavior. Availability impact is minimal as the vulnerability does not directly cause denial of service. Given the widespread use of print management solutions in large enterprises and public sector organizations, the vulnerability could be leveraged as part of a multi-stage attack chain.

1. Immediately upgrade Vasion Print Virtual Appliance Host to version 25.1.102 or later and the Application to version 25.1.1413 or later where the vulnerability is patched. 2. Implement strict network segmentation to isolate print management appliances from critical internal services and sensitive network segments, minimizing the impact of SSRF. 3. Employ internal network monitoring and anomaly detection to identify unusual outbound requests originating from print appliances. 4. Restrict outbound HTTP requests from the appliance to only trusted and necessary destinations using firewall rules or proxy filtering. 5. If patching is delayed, consider disabling or restricting access to the vulnerable /var/www/app/console_release/lexmark/dellCheck.php script or applying web application firewall (WAF) rules to block suspicious requests targeting this endpoint. 6. Conduct internal audits of printer hostnames registered in the system to detect any suspicious or malformed entries that could be exploited. 7. Educate IT and security teams about SSRF risks and ensure incident response plans include scenarios involving internal network reconnaissance via SSRF.