Which versions of OpenSSL are affected by CVE-2025-34192?

CVE-2025-34192 presents critical security risk rated CVSS 9.3. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

Is there a public PoC exploit available for CVE-2025-34192?

Yes, a public proof-of-concept exploit is available for CVE-2025-34192. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2025-34192?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Monitor vendor channels for patch availability.

OpenSSL CVE-2025-34192

Q: What is the CVSS score of CVE-2025-34192?

CVE-2025-34192 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

CRITICAL

Use of Unmaintained Third Party Components (CWE-1104)

2025-09-19 disclosure@vulncheck.com

Information Disclosure OpenSSL Apple macOS Virtual Appliance Application Virtual Appliance Host

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:13 vuln.today

PoC Detected

Oct 02, 2025 - 22:15 vuln.today

Public exploit code

CVE Published

Sep 19, 2025 - 19:15 nvd

CRITICAL 9.3

DescriptionNVD

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations. This vulnerability has been identified by the vendor as: V-2023-021 - Out-of-Date OpenSSL Library.

AnalysisAI

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1104. Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL project. Continued use of this outdated cryptographic library exposes deployments to known vulnerabilities that are no longer patched, weakening the overall security posture. Affected daemons may emit deprecation warnings and rely on cryptographic components with unresolved security flaws, potentially enabling attackers to exploit weaknesses in TLS/SSL processing or cryptographic operations. This vulnerability has been identified by the vendor as: V-2023-021 - Out-of-Date OpenSSL Library. Affected products include: Vasion Virtual Appliance Application, Vasion Virtual Appliance Host. Version information: prior to 22.0.893.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.