CVE-2025-34212
CRITICALDescription
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASSWD for mount/umount. Together these allow supply chain or man-in-the-middle compromise of the build pipeline, injection of malicious firmware, and remote code execution as root on the CI host. This vulnerability has been identified by the vendor as: V-2023-007 — Supply Chain Attack.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| vasion | virtual_appliance_application |
| vasion | virtual_appliance_host |
References
Advisories & Patches
Exploits
Frequently Asked Questions
What is CVE-2025-34212? +
How severe is CVE-2025-34212? +
What products are affected by CVE-2025-34212? +
How do I check if I'm vulnerable to CVE-2025-34212? +
Related Vulnerabilities
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if …
Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation …
Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP …
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or …
A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the …
iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These …