CVE-2025-34212

UNKNOWN 0.0

Vasion Print (formerly PrinterLogic) Insecure Build Pipeline

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASSWD for mount/umount. Together these allow supply chain or man-in-the-middle compromise of the build pipeline, injection of malicious firmware, and remote code execution as root on the CI host. This vulnerability has been identified by the vendor as: V-2023-007 — Supply Chain Attack.

CWE	CWE-494 CWE-732
Vendor	vasion
Product	print virtual appliance host
Published	Sep 29, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for vasion print virtual appliance host

Be the first to know when new unknown vulnerabilities affecting vasion print virtual appliance host are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Vasion / Print Virtual Appliance Host

* < 22.0.843

Vasion / Print Application

* < 20.0.1923

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pierrekim.github.io: https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-supply-chain-build-system help.printerlogic.com: https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm help.printerlogic.com: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm vulncheck.com: https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-build-pipeline

Credits

Pierre Barre