CVE-2022-25089

CRITICAL

Printix < 1.3.1106.0 - Privilege Escalation via UITasks.PersistentRegistryData

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-25089. PoCs published by Logan Latvala, ComparedArray.

AI-analyzed exploit summary This exploit leverages CVE-2022-25089 to achieve remote code execution by manipulating registry values via the Printix Client's insecure handling of registry data. The PoC allows arbitrary registry modifications, which can lead to RCE by altering service configurations.

Description

Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly uses Privileged APIs to modify values in HKEY_LOCAL_MACHINE via UITasks.PersistentRegistryData.

Exploits (2)

exploitdb WORKING POC

by Logan Latvala · remotewindows

https://www.exploit-db.com/exploits/50798

View Code ZIP pw:eip

This exploit leverages CVE-2022-25089 to achieve remote code execution by manipulating registry values via the Printix Client's insecure handling of registry data. The PoC allows arbitrary registry modifications, which can lead to RCE by altering service configurations.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Printix Client <= 1.3.1106.0

No auth needed

Prerequisites: Network access to the Printix Client service · Printix Client service running on target

MITRE ATT&CK

T1112 - Modify Registry T1543.003 - Windows Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by ComparedArray · poc

https://github.com/ComparedArray/printix-CVE-2022-25089

View Code ZIP pw:eip

This PoC demonstrates a vulnerability in Printix client communication protocol (CVE-2022-25089) by establishing an SSL/TLS connection to a Printix server and sending crafted messages. The code includes session handling and message serialization/deserialization to exploit the vulnerability.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Printix Client

No auth needed

Prerequisites: Network access to Printix server · Printix client installed on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Broken Link x_refsource_misc

http://printix.com

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50798

Third Party Advisory x_refsource_misc

https://github.com/ComparedArray/printix-CVE-2022-25089

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167013/Printix-1.3.1106.0-Privileged-API-Abuse.html

Scores

CVSS v3 9.8

EPSS 0.1862

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (1)

kofax/printix < 1.3.1106.0

Published Mar 03, 2022

Tracked Since Feb 18, 2026