Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Nov 17, 2025
Vasion Print (formerly PrinterLogic) Unauthenticated Firmware Update Endpoint RCE
CVE-2025-34215
Description
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page returns a signed token usable at va-api/v1/update, and every Docker image contains the appliance’s private GPG key and hard-coded passphrase. An attacker who extracts the key and obtains a token can decrypt, modify, re-sign, upload, and trigger malicious firmware, gaining remote code execution. This vulnerability has been identified by the vendor as: V-2024-020 — Remote Code Execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<22.0.1026+ 1 more
- (no CPE)range: <22.0.1026
- (no CPE)range: *
- Range: *
Patches
Vulnerability mechanics
References
4- help.printerlogic.com/saas/Print/Security/Security-Bulletins.htmmitrevendor-advisorypatch
- help.printerlogic.com/va/Print/Security/Security-Bulletins.htmmitrevendor-advisorypatch
- www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-firmware-update-endpoint-rcemitrethird-party-advisory
- pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.htmlmitretechnical-description
News mentions
0No linked articles in our index yet.