CVE-2025-34189

HIGH

Vasion Print <1.0.735-20.0.1330 - Code Injection

Title source: llm
STIX 2.1

Description

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application versions prior to 20.0.1330 (macOS/Linux client deployments) contain a vulnerability in the local inter-process communication (IPC) mechanism. The software stores IPC request and response files inside /opt/PrinterInstallerClient/tmp with world-readable and world-writable permissions. Any local user can craft malicious request files that are processed by privileged daemons, leading to unauthorized actions being executed in other user sessions. This breaks user session isolation, potentially allowing local attackers to hijack sessions, perform unintended actions in the context of other users, and impact system integrity and availability. This vulnerability has been identified by the vendor as: V-2022-004 — Client Inter-process Security.

References (4)

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 16.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-732 CWE-922
Status published
Products (2)
vasion/virtual_appliance_application < 20.0.1330
vasion/virtual_appliance_host < 1.0.735
Published Sep 19, 2025
Tracked Since Feb 18, 2026