CVE-2025-34220

UNKNOWN 0.0

Vasion Print (formerly PrinterLogic) Unauthenticated API Leaks Group Information

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to https://<tenant>.printercloud10.com/api-gateway/identity/search-groups and adjustments to the `Host` header allow an unauthenticated remote attacker to enumerate every group object stored for that tenant. The response includes internal identifiers (group ID, source service ID, Azure AD object IDs, creation timestamps, and tenant IDs). This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.

CWE	CWE-306 CWE-200
Vendor	vasion
Product	print virtual appliance host
Published	Sep 29, 2025
Last Updated	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for vasion print virtual appliance host

Be the first to know when new unknown vulnerabilities affecting vasion print virtual appliance host are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Vasion / Print Virtual Appliance Host

0 < 25.1.102

Vasion / Print Application

0 < 25.1.1413

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pierrekim.github.io: https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-api-leak help.printerlogic.com: https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm help.printerlogic.com: https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm vulncheck.com: https://www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-api-leaks-group-info

Credits

Pierre Barre