Auth bypass in Vasion Print Application
CVE-2025-34220
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentica…
Vulnerability class: Broken Authentication
EPSS: 0.002 (48.1th percentile) — read the EPSS interpretation.
Affected products
- Vasion Print Application — versions 0
- Vasion Print Virtual Appliance Host — versions 0
Weakness classification (CWE)
References
- pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html (technical-description)
- help.printerlogic.com/va/Print/Security/Security-Bulletins.htm (vendor-advisory, patch)
- help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm (vendor-advisory, patch)
- www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-api-leaks-group-i… (third-party-advisory)