CVE-2022-25090

HIGH

Printix < 1.3.1106.0 - Privilege Escalation via Insecure Temporary File Permissions

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-25090. PoCs published by Logan Latvala, ComparedArray.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in Printix Client by manipulating the msiwrapper.ini file during installation to execute an arbitrary payload with elevated privileges. It enumerates the Windows Installer directory for Printix-related MSI files and modifies the temporary setup file to point to the attacker's payload.

Description

Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.

Exploits (2)

exploitdb WORKING POC

by Logan Latvala · localwindows

https://www.exploit-db.com/exploits/50812

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in Printix Client by manipulating the msiwrapper.ini file during installation to execute an arbitrary payload with elevated privileges. It enumerates the Windows Installer directory for Printix-related MSI files and modifies the temporary setup file to point to the attacker's payload.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Printix Client <= 1.3.1106.0

No auth needed

Prerequisites: Printix Client installed on the target system · Local access to the system · Payload file provided as an argument

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 5 stars

by ComparedArray · poc

https://github.com/ComparedArray/printix-CVE-2022-25090

View Code ZIP pw:eip

This PoC exploits CVE-2022-25090 by manipulating the Printix installer's temporary files to achieve local privilege escalation. It monitors for the creation of 'msiwrapper.ini' and injects a malicious payload path into it.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Printix Client (version not explicitly specified)

No auth needed

Prerequisites: Printix Client installed on the target system · Local access to the system · Payload file to execute

MITRE ATT&CK

T1548.002 - Bypass User Account Control T1059.001 - PowerShell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Broken Link x_refsource_misc

http://printix.com

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50812

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166242/Printix-Client-1.3.1106.0-Privilege-Escalation.html

Third Party Advisory x_refsource_misc

https://github.com/ComparedArray/printix-CVE-2022-25090

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/167012/Printix-1.3.1106.0-Privilege-Escalation.html

Scores

CVSS v3 8.1

EPSS 0.1101

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (1)

kofax/printix < 1.3.1106.0

Published Mar 10, 2022

Tracked Since Feb 18, 2026