CVE-2025-34189

HIGH

Vasion Print <1.0.735-20.0.1330 - Code Injection

Title source: llm

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory patch

https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm

Exploit, Third Party Advisory technical-description exploit

https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#mac-lack-auth-communication

Vendor Advisory vendor-advisory patch

https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-interprocess-communication

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 13.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-732 CWE-922

Status published

Products (4)

Vasion/Print Application < 20.0.1330

Vasion/Print Virtual Appliance Host < 1.0.735

vasion/virtual_appliance_application < 20.0.1330

vasion/virtual_appliance_host < 1.0.735

Published Sep 19, 2025

Tracked Since Feb 18, 2026