CNNVD-202509-4351 Information

Sep 29, 2025 cve

CNNVD ID

CNNVD-202509-4351

CVE-2025-34220

  • CNNVD Published: 2025-09-29

Description (Chinese)

Vasion Print Virtual Appliance Host是美国Vasion公司的一个打印管理软件。 Vasion Print Virtual Appliance Host 25.1.102之前版本存在安全漏洞,该漏洞源于/api-gateway/identity/search-groups端点未进行身份验证,可能导致远程攻击者枚举租户的所有组对象。

Description (English)

Vasion Print Virgin Application Host is a print management software for Vasion in the United States. The previous version of Vasion Print Universal Host 25.1.102 had a security loophole, which originated from the lack of identification of the /api-gateway/education/search-groups endpoint, which could result in a remote attacker placing all the tenants’ targets.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Vasion

Published

2025-09-29

Last Modified

2026-02-24

References

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-api-leak https://www.vulncheck.com/advisories/vasion-print-printerlogic-unauth-api-leaks-group-info

Patch

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Share on: