HIGH🇬🇧 English

CVE-2025-34202

CVSS 8.7v4.0pub. 2025-09-19upd. 2025-10-02

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attacker on the same external L2 segment — or an attacker able to add routes using the appliance as a gateway — to reach container IPs directly. This grants access to internal services (HTTP APIs, Redis, MySQL, etc.) that are intended to be isolated inside the container network. Many of those services are accessible without authentication or are vulnerable to known exploitation chains. As a result, compromise of a single reachable endpoint or basic network access can enable lateral movement, remote code execution, data exfiltration, and full system compromise. This vulnerability has been identified by the vendor as: V-2025-003 — Insecure Access to Docker Instance from WAN.

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Vasion Virtual Appliance Application

    APP
    Vasion
    < 25.1.1413
  • Vasion Virtual Appliance Host

    APP
    Vasion
    < 25.2.169
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEContainer
CWE
Referencje

Powiązane podatności

CVE-2025-34210CRITICAL9.4PL ✓ten sam produkt

Vasion Print Virtual Appliance — hasła w plikach plaintext dostępnych dla wszystkich

CVE-2025-34217CRITICAL10.0PL ✓ten sam produkt

Vasion Print: hardcoded SSH key umożliwiający root access do appliance

CVE-2025-34211CRITICAL9.3PL ✓ten sam produkt

Vasion Print: hardcoded klucz prywatny SSL we wszystkich instancjach

CVE-2025-34209CRITICAL9.4PL ✓ten sam produkt

Hardcoded klucz prywatny GPG w Vasion Print Virtual Appliance

CVE-2025-34196CRITICAL9.3PL ✓ten sam produkt

Vasion Print: hardcoded klucz prywatny CA i hasło w plikach konfiguracyjnych