cvedb.io
CVE-2025-34218
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-09-29T21:15:35.450 · Last modified 2026-06-17T09:13:40.703

Summary

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together with version information. These containers are reachable directly over HTTP/HTTPS without any access‑control list (ACL), authentication or rate‑limiting. Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial‑of‑service of the entire

Affected products

vasion — virtual_appliance_application

Does this affect you?

Add your gear to cvedb and we'll alert you only when vasion ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.