CVE-2025-34192

moderate-risk

Published 2025-09-19

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations. This vulnerability has been identified by the vendor as: V-2023-021 — Out-of-Date OpenSSL Library.

Do I need to act?

0.59% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Virtual Appliance Application

Virtual Appliance Host

Affected Vendors

Vasion

References (4)

Vendor Advisory https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Vendor Advisory https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Exploit https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabiliti...

Third Party Advisory https://www.vulncheck.com/advisories/vasion-print-printerlogic-usage-of-outdated...

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 7/34 · Low